Impact
The vulnerability is a path traversal flaw in the Conversational Forms for ChatBot plugin. It allows an attacker to send crafted file paths that cause the server to return arbitrary files, leading to potential loss of confidential data. The weakness aligns with CWE‑22.
Affected Systems
QuantumCloud’s Conversational Forms for ChatBot plugin, affected by all releases up to version 1.1.8, is vulnerable in any WordPress installation that has not yet been upgraded beyond that point.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity. The EPSS score is not available, and the issue is not listed in CISA KEV, but the likely attack vector is a remote web request that exploits the path traversal to download arbitrary files the server can read. Consequently, exposed WordPress sites face a significant confidentiality risk if the plugin remains unpatched.
OpenCVE Enrichment