Quantumcloud

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-4253 1Quantumcloud 1Wpbot May 12, 2025 Sep 4, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered...Show more The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2021-4424 1Quantumcloud 1Slider Hero Apr 8, 2026 Jul 12, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. T...Show more The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. This makes it possible for unauthenticated attackers to duplicate slides via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-3175 1Quantumcloud 1Wpbot May 12, 2025 Jul 10, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disal...Show more The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.Show less
CVE-2023-2811 1Quantumcloud 1Wpbot May 12, 2025 Jun 19, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when se...Show more The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbotShow less
CVE-2023-2742 1Quantumcloud 1Wpbot May 12, 2025 Jun 19, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disa...Show more The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.Show less
CVE-2023-1660 1Quantumcloud 1Wpbot May 12, 2025 May 8, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping wh...Show more The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboardShow less
CVE-2023-1651 1Quantumcloud 1Wpbot May 12, 2025 May 8, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Further...Show more The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSSShow less
CVE-2023-1650 1Quantumcloud 1Wpbot May 12, 2025 May 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is pr...Show more The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blogShow less
CVE-2023-1649 1Quantumcloud 1Wpbot May 12, 2025 May 8, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilt...Show more The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2023-1011 1Quantumcloud 1Wpbot May 12, 2025 May 8, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS...Show more The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.Show less
CVE-2023-23981 1Quantumcloud 1Conversational Forms For Chatbot Nov 21, 2024 Apr 6, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.
CVE-2022-47613 1Quantumcloud 1Wpbot May 12, 2025 Mar 29, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions.
CVE-2023-24415 1Quantumcloud 1Chatbot Nov 21, 2024 Feb 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions.
CVE-2022-3074 1Quantumcloud 1Slider Hero May 22, 2025 Sep 26, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.
CVE-2022-0760 1Quantumcloud 1Simple Link Directory Nov 21, 2024 Mar 21, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and auth...Show more The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL InjectionShow less
CVE-2022-0747 1Quantumcloud 1Infographic Maker Nov 21, 2024 Mar 21, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authentic...Show more The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL InjectionShow less
CVE-2021-24725 1Quantumcloud 1Comment Link Remove And Other Comment Tools Nov 21, 2024 Sep 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments
CVE-2021-24506 1Quantumcloud 1Slider Hero Nov 21, 2024 Aug 23, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users wi...Show more The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.Show less
CVE-2019-13463 1Quantumcloud 1Simple Link Directory Nov 21, 2024 Mar 20, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the...Show more An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement.Show less

Previous 12