CVE-2025-11256

Published: Oct 18, 2025Modified: Oct 21, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: security@wordfence.com (Secondary)

Description

The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversations.

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (3)

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3380313%40chatbot-chatgpt&new=3380313%40chatbot-chatgpt&sfp_email=&sfph_mail=

Source: security@wordfence.com

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3380317%40chatbot-chatgpt&new=3380317%40chatbot-chatgpt&sfp_email=&sfph_mail=

Source: security@wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8fe389-ff44-4be3-889b-0006977f4f3c?source=cve

Source: security@wordfence.com

Timeline

No history available yet.