AI ChatBot < 4.9.1 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file

2023-11-2300:00:00

wpscan.com

ai chatbot

wordpress

directory traversal

file write

vulnerability

version 4.9.2

qcld_openai_upload_pagetraining_file

subscriber-level attackers

AI Score

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON

Description The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "

References

www.wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993