Description
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Published: 2026-06-17
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability permits a subscriber to delete any file on the WordPress installation. The impact is loss of critical data, potential configuration files, or the complete website, which jeopardizes confidentiality, integrity, and availability. The weakness is classified as CWE‑22, a file deletion misuse. The CVSS score of 7.7 indicates high severity.

Affected Systems

The plugin QuantumCloud WPBot Pro Wordpress Chatbot, versions up to and including 13.6.5, is affected.

Risk and Exploitability

The EPSS score is not available, but the absence of a KEV listing does not reduce the risk, as the vulnerability remains exploitable by users with subscriber privileges. Exploitation requires only that the user has access to the plugin’s subscription interface; no additional system privileges are needed. The high CVSS score reflects the serious consequences of arbitrary file deletion, making this a priority risk for any site running the vulnerable plugin.

Generated by OpenCVE AI on June 18, 2026 at 12:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for WPBot Pro (any release newer than 13.6.5).
  • Revoke file deletion permissions from subscriber users and limit such operations to administrators only.
  • If the plugin is unnecessary, permanently deactivate or remove it from the WordPress installation.

Generated by OpenCVE AI on June 18, 2026 at 12:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Quantumcloud
Quantumcloud wpbot Pro Wordpress Chatbot
Wordpress
Wordpress wordpress
Vendors & Products Quantumcloud
Quantumcloud wpbot Pro Wordpress Chatbot
Wordpress
Wordpress wordpress

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Title WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}


Subscriptions

Quantumcloud Wpbot Pro Wordpress Chatbot
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T15:26:24.670Z

Reserved: 2025-09-25T15:34:33.695Z

Link: CVE-2025-60223

cve-icon Vulnrichment

Updated: 2026-06-17T15:26:18.849Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T23:04:51Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')