The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-10-19T05:34:10.565Z

Updated: 2024-08-02T07:52:08.533Z

Reserved: 2023-09-27T18:46:43.130Z

Link: CVE-2023-5241

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-19T06:15:11.690

Modified: 2024-11-21T08:41:21.530

Link: CVE-2023-5241

cve-icon Redhat

No data.