Impact
The vulnerability is a missing authorization flaw: the QuantumCloud ChatBot plugin exposes functionality without verifying that the requesting user actually holds the privilege the operation requires. An attacker can therefore access data or perform actions that should be denied to their role, potentially leading to unauthorized data exposure or manipulation of chatbot behavior. The weakness is classified under CWE-862 (Missing Authorization), meaning the application does not enforce proper authorization checks for users with insufficient privileges.
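To make the CWE-862 pattern concrete, the following is an added PHP illustration, not code from the QuantumCloud plugin (the advisory does not describe the affected code path): a hypothetical plugin settings action guarded only by a nonce, beside the same action gated by a capability check, and the equivalent `permission_callback` for a REST route. The action, option, route and capability names are assumptions.

```php
<?php
// Added illustration (not the plugin's code). Handler, option and route
// names are invented to show the defect class, not the real plugin code.

// Weak pattern (CWE-862): only a nonce is checked. A nonce proves the
// request came from a form the user loaded, not that the user is allowed
// to change settings, so any authenticated role can reach this handler.
add_action( 'wp_ajax_chatbot_save_settings_weak', function () {
    check_ajax_referer( 'chatbot_settings', 'nonce' );
    $greeting = sanitize_text_field( wp_unslash( $_POST['greeting'] ?? '' ) );
    update_option( 'chatbot_greeting', $greeting );
    wp_send_json_success();
} );

// Hardened pattern: keep the nonce (CSRF) check and add the authorization
// check. wp_send_json_error() terminates the request, so nothing below it
// runs for an unprivileged caller.
add_action( 'wp_ajax_chatbot_save_settings', function () {
    check_ajax_referer( 'chatbot_settings', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $greeting = sanitize_text_field( wp_unslash( $_POST['greeting'] ?? '' ) );
    update_option( 'chatbot_greeting', $greeting );
    wp_send_json_success();
} );

// Same principle for a REST route: permission_callback must perform a real
// capability check for anything that changes state or exposes protected
// data; __return_true is the REST equivalent of the weak handler above.
add_action( 'rest_api_init', function () {
    register_rest_route( 'chatbot/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => function ( WP_REST_Request $req ) {
            $greeting = sanitize_text_field( $req->get_param( 'greeting' ) );
            update_option( 'chatbot_greeting', $greeting );
            return rest_ensure_response( array( 'ok' => true ) );
        },
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );
```

When auditing a plugin for this class of flaw, list every `wp_ajax_*`, `admin_post_*` and REST route registration and confirm each one reaches a `current_user_can()` (or equivalent) check before touching options, posts or user data.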
Affected Systems
The affected component is the QuantumCloud ChatBot plugin used within WordPress installations. All versions from the earliest available release through version 7.3.9 are vulnerable. The plugin is distributed for WordPress sites and may be present on any site that has installed the ChatBot addon up to and including the listed maximum version.
Risk and Exploitability
The CVSS score of 5.3 reflects a moderate severity rating, while an EPSS score of <1% and the absence of the vulnerability from the CISA KEV catalog suggest that the likelihood of exploitation is currently low. The impact stems from broken access control, so the consequences primarily involve unauthorized access to protected resources or operations rather than remote code execution. The likely attack vector is the web-based plugin interface, and exploitation is inferred to require an authenticated user whose role lacks sufficient permissions for the affected operation; however, the exact exploitation path is not explicitly described in the advisory.
OpenCVE Enrichment