Directory Traversal Vulnerability in AI ChatBot for WordPress Allows DoS via qcld_openai_upload_pagetraining_file Function

Directory Traversal Vulnerability in AI ChatBot for WordPress Allows DoS via qcld_openai_upload_pagetraining_file Function

CVE-2023-5241 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.

Learn more about our Wordpress Pen Testing.