Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal.

This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.
Published: 2026-06-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a path traversal flaw in the Conversational Forms for ChatBot plugin. It allows an attacker to send crafted file paths that cause the server to return arbitrary files, leading to potential loss of confidential data. The weakness aligns with CWE‑22.

Affected Systems

QuantumCloud’s Conversational Forms for ChatBot plugin, affected by all releases up to version 1.1.8, is vulnerable in any WordPress installation that has not yet been upgraded beyond that point.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score is not available, and the issue is not listed in CISA KEV, but the likely attack vector is a remote web request that exploits the path traversal to download arbitrary files the server can read. Consequently, exposed WordPress sites face a significant confidentiality risk if the plugin remains unpatched.

Generated by OpenCVE AI on June 18, 2026 at 11:57 UTC.

Remediation

Vendor Solution

Update the WordPress Conversational Forms for ChatBot plugin to the latest available version (at least 1.2.0).


OpenCVE Recommended Actions

  • Update Conversational Forms for ChatBot to version 1.2.0 or newer.
  • If the update cannot be applied immediately, deactivate or uninstall the plugin to prevent exploitation.
  • Monitor web traffic and server logs for suspicious file download activity.

Generated by OpenCVE AI on June 18, 2026 at 11:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Quantumcloud
Quantumcloud conversational Forms For Chatbot
Wordpress
Wordpress wordpress
Vendors & Products Quantumcloud
Quantumcloud conversational Forms For Chatbot
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.
Title WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Quantumcloud Conversational Forms For Chatbot
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T15:29:34.726Z

Reserved: 2024-04-17T10:02:58.226Z

Link: CVE-2024-32729

cve-icon Vulnrichment

Updated: 2026-06-17T13:37:30.518Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T12:00:16Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')