Kognetiks Chatbot WordPress Plugin Unauthorized File Upload and Data Modification Vulnerability

Vulnerability

A vulnerability exists in the Kognetiks Chatbot plugin for WordPress, in all versions through 2.3.5. The issue arises from a lack of proper capability checks, allowing unauthenticated users to upload certain safe file types and delete conversations. This unauthorized data modification could be exploited by attackers to disrupt user interactions or manipulate chatbot data.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of chatbot conversations and could allow the upload of a limited set of safe file types, which could be used to further manipulate the chatbot's behavior or data.

Remediation

Users are advised to update the Kognetiks Chatbot plugin to version 2.3.6 or a later patched version.
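
To find installations still on an affected release, the version bounds given here (vulnerable through 2.3.5, fixed in 2.3.6) can be checked against each plugin's header comment. The following is an added example, not code from the advisory or from the plugin; it assumes the plugin's "Plugin Name" header contains "Kognetiks Chatbot" as written on this page, and `plugins_dir` is a wp-content/plugins path you supply.

```python
import re
from pathlib import Path

FIXED = (2, 3, 6)                  # first patched release named in the advisory
NAME_NEEDLE = "kognetiks chatbot"  # assumption: header name contains this text

# WordPress takes "Key: value" pairs from the comment at the top of a plugin file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def parse_header(php_source):
    """Return lower-cased header fields found in the first 8 KiB of the file."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(text):
    """'2.3.5' -> (2, 3, 5); short versions are zero-padded, suffixes ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def assess(php_source):
    """Classify one plugin file: not-target, unknown, vulnerable or patched."""
    fields = parse_header(php_source)
    if NAME_NEEDLE not in fields.get("plugin name", "").lower():
        return "not-target"
    version = fields.get("version", "")
    if not re.match(r"\d", version):
        return "unknown"  # header lacks a usable version: check by hand
    return "patched" if version_tuple(version) >= FIXED else "vulnerable"

def scan(plugins_dir):
    """Yield (path, verdict) for main-file candidates in each plugin folder."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        verdict = assess(php.read_text(errors="replace"))
        if verdict != "not-target":
            yield str(php), verdict

# Constructed sample header, not copied from the real plugin.
SAMPLE = "<?php\n/**\n * Plugin Name: Kognetiks Chatbot\n * Version: 2.3.5\n */\n"

if __name__ == "__main__":
    print(assess(SAMPLE))  # classify the constructed sample
```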

Added: Oct 18, 2025, 8:16 AM
Updated: Oct 18, 2025, 8:16 AM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 0.7
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.