Impact
This vulnerability permits a subscriber to delete any file on the WordPress installation. The impact is loss of critical data, potential configuration files, or the complete website, which jeopardizes confidentiality, integrity, and availability. The weakness is classified as CWE‑22, a file deletion misuse. The CVSS score of 7.7 indicates high severity.
Affected Systems
The plugin QuantumCloud WPBot Pro Wordpress Chatbot, versions up to and including 13.6.5, is affected.
Risk and Exploitability
The EPSS score is not available, but the absence of a KEV listing does not reduce the risk, as the vulnerability remains exploitable by users with subscriber privileges. Exploitation requires only that the user has access to the plugin’s subscription interface; no additional system privileges are needed. The high CVSS score reflects the serious consequences of arbitrary file deletion, making this a priority risk for any site running the vulnerable plugin.
OpenCVE Enrichment