Описание
The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users.
Ссылки
- Exploit
- Patch
- Third Party Advisory
- Exploit
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.9.1 (исключая)
cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 58%
0.00365
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users.
EPSS
Процентиль: 58%
0.00365
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo