Primary

Context

WPBot Pro WordPress Chatbot Missing Authorization Vulnerability in Simple Text Response Creation

Vulnerability

Patched

A vulnerability exists in the WPBot Pro WordPress Chatbot plugin, all versions through 13.5.5, due to a lack of proper capability checks in the 'qc_wp_latest_update_check_pro' function. This flaw allows authenticated attackers with Subscriber-level access or higher to create Simple Text Responses for chat queries, leading to unauthorized data modification.

Impact

Exploitation of this vulnerability allows for unauthorized creation of Simple Text Responses in the chatbot, potentially leading to misinformation or manipulation of chatbot interactions.

Remediation

Users can update to WPBot Pro version 13.5.6 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WPBot Pro WordPress Chatbot Missing Authorization Vulnerability in Simple Text Response Creation

Vulnerability

Impact

Remediation

Affected Products

QuantumCloud WPBot Pro

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating