WPBot Pro WordPress Chatbot Unauthenticated Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the WPBot Pro WordPress Chatbot plugin, affecting all versions through 13.5.4. The issue arises from inadequate file type validation in the 'qcld_wpcfb_file_upload' function, which enables unauthenticated attackers to upload arbitrary files to the server. This vulnerability could potentially lead to remote code execution. Exploitation requires that the ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin also be installed.
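The root cause above is a file type check that can be bypassed. The following is an added example of the kind of allowlist-based validation an upload handler should perform (extension allowlist, magic-byte check of the actual content, rejection of double extensions and path characters); it is illustration code written for this page, not the plugin's code, and the allowed types and magic bytes are a constructed allowlist.

```python
"""Allowlist-based upload validation (added example, not the plugin's code)."""
import re

# Constructed allowlist: permitted extension -> magic bytes the content must start with.
# The client-supplied Content-Type header is deliberately ignored; it is attacker-controlled.
ALLOWED = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "pdf": [b"%PDF-"],
}

# Filename stem may only contain letters, digits, underscore and hyphen.
# Dots are excluded so that "shell.php.png" style double extensions are rejected.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, safe_name_or_reason) for a candidate upload."""
    # Path separators and NUL bytes must never reach the filesystem layer.
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "illegal character in filename"

    parts = filename.lower().rsplit(".", 1)
    if len(parts) != 2:
        return False, "missing extension"
    stem, ext = parts

    if not SAFE_STEM.fullmatch(stem):
        return False, "unsafe filename stem"
    if ext not in ALLOWED:
        return False, f"extension .{ext} not in allowlist"

    # Verify the bytes really are the declared type, not just the name.
    if not any(content.startswith(magic) for magic in ALLOWED[ext]):
        return False, "content does not match declared type"

    return True, f"{stem}.{ext}"


if __name__ == "__main__":
    print(validate_upload("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))
    print(validate_upload("shell.php", b"<?php system($_GET['c']); ?>"))
    print(validate_upload("shell.php.png", b"\x89PNG\r\n\x1a\n"))
```

Files that pass this check should still be written under a randomised name to a directory where script execution is disabled by the web server configuration, and the upload endpoint itself should require authentication and a nonce.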

Impact

The vulnerability allows arbitrary file uploads, which could be exploited to place and execute malicious files on the server, potentially leading to remote code execution.

Remediation

Users are advised to update the WPBot Pro WordPress Chatbot plugin to version 13.5.6 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          5.2
impact          10.0
exploitability  7.6
remediation     7.7
relevance       0.0
threat          0.2
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.