Impact
The vulnerability is a missing authorization flaw in the QuantumCloud ChatBot plugin for WordPress. When the plugin's access control security levels are incorrectly configured, protected functionality becomes reachable without the authorization check it should require, and an attacker can use it to gain unauthorized access to protected functionality or data. The weakness is classified as CWE-862: Missing Authorization. Depending on which functionality is exposed, an attacker could read, modify, or delete content on the affected WordPress site, compromising the confidentiality, integrity, and availability of the affected resources.
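The following is an added, generic illustration of CWE-862 in a WordPress AJAX handler; it is not the QuantumCloud ChatBot plugin's code and does not reproduce the actual flaw, whose location the advisory does not disclose. The hook names, option names, and function names are hypothetical. The vulnerable version makes authorization depend on a plugin setting, so a permissive or misconfigured setting removes the check; the hardened version enforces a capability check and a nonce in code regardless of configuration.

```php
<?php
// Added example illustrating CWE-862 (Missing Authorization) in a WordPress plugin.
// Generic example code, not the QuantumCloud ChatBot plugin's source; all names are hypothetical.
// The two handlers below are alternatives shown side by side; a real plugin would register only one.

// --- Vulnerable pattern -------------------------------------------------------
// Registered for both logged-in and anonymous callers (wp_ajax_nopriv_*). Whether the
// caller may act is decided solely by a plugin option, so a "public" or otherwise
// permissive access level disables authorization entirely.
add_action( 'wp_ajax_example_bot_save_settings',        'example_bot_save_settings_vuln' );
add_action( 'wp_ajax_nopriv_example_bot_save_settings', 'example_bot_save_settings_vuln' );

function example_bot_save_settings_vuln() {
    $level = get_option( 'example_bot_access_level', 'public' ); // hypothetical setting

    // Only the most restrictive setting triggers any check, and even then it is
    // is_user_logged_in(), not a capability check: any subscriber passes.
    if ( 'admin_only' === $level && ! is_user_logged_in() ) {
        wp_send_json_error( 'forbidden', 403 ); // wp_send_json_error() calls wp_die()
    }

    // No current_user_can(), no nonce: reaching this line only requires knowing the action name.
    update_option( 'example_bot_greeting', wp_unslash( $_POST['greeting'] ?? '' ) );
    wp_send_json_success();
}

// --- Hardened pattern ---------------------------------------------------------
// 1. Register only the authenticated hook (no wp_ajax_nopriv_* for privileged actions).
// 2. Verify a nonce bound to this action (CSRF protection).
// 3. Require a capability with current_user_can(), independent of any plugin setting.
// 4. Sanitize input before persisting it.
add_action( 'wp_ajax_example_bot_save_settings', 'example_bot_save_settings_fixed' );

function example_bot_save_settings_fixed() {
    // Rejects the request (wp_die) if the 'nonce' field is missing or invalid.
    check_ajax_referer( 'example_bot_save_settings', 'nonce' );

    // Authorization is enforced in code; a misconfigured access level cannot bypass it.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $greeting = sanitize_text_field( wp_unslash( $_POST['greeting'] ?? '' ) );
    update_option( 'example_bot_greeting', $greeting );
    wp_send_json_success();
}
```

The same principle applies to REST routes registered with register_rest_route(): the capability check belongs in the route's permission_callback, not in a setting the site owner can loosen. When auditing a plugin for this class of flaw, search for wp_ajax_nopriv_ registrations, admin_post_nopriv_ handlers, and permission_callback values of __return_true, and confirm that each privileged action checks a capability rather than only is_user_logged_in().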
Affected Systems
The affected product is QuantumCloud's ChatBot WordPress plugin. All releases up to and including 6.7.3 are affected; the advisory does not name the earliest vulnerable release, so any installation running version 6.7.3 or older should be treated as vulnerable. The flaw lies in the plugin code itself, not in WordPress core or other components.
Risk and Exploitability
The reported CVSS score of 4.3 corresponds to medium severity. The EPSS score of under 1% indicates that the current probability of exploitation in the wild is low, and the vulnerability is not listed in CISA's KEV catalog, so no exploitation in the wild has been confirmed by CISA; absence from KEV is not evidence that the flaw cannot be exploited. The attack vector is most likely remote, through the plugin's web-facing functionality, but the CVE description does not state this explicitly, so the inference rests on how WordPress plugins typically expose their features. The public advisory, as summarized here, does not identify a fixed release or a mitigating configuration. Because only versions up to 6.7.3 fall in the affected range, defenders should update the plugin beyond that range as soon as a newer release is available, review the plugin's access control security levels, and limit which accounts can reach its administrative functionality in the meantime.