The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversations.
Metrics
Affected Vendors & Products
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 18 Oct 2025 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversations. | |
Title | Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing | |
Weaknesses | CWE-285 | |
References |
|
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-10-18T07:26:31.541Z
Reserved: 2025-10-03T12:13:35.865Z
Link: CVE-2025-11256

No data.

Status : Received
Published: 2025-10-18T08:15:33.660
Modified: 2025-10-18T08:15:33.660
Link: CVE-2025-11256

No data.

No data.