Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through <= 7.7.9.
Published: 2026-03-25
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection (Database Compromise)
Action: Immediate Patch
AI Analysis

Impact

An attacker can inject malformed SQL into the QuantumCloud ChatBot WordPress plugin, causing the underlying database to execute unintended commands. The vulnerability derives from improper neutralization of special elements in SQL statements, enabling blind SQL injection (CWE‑89). This allows an unauthenticated attacker to read or modify database contents, potentially leading to data exfiltration or further exploitation if the database user holds elevated privileges.

Affected Systems

Any WordPress site running the QuantumCloud ChatBot plugin with versions up to and including 7.7.9 is affected. This includes all installations from the earliest release through 7.7.9, as the vulnerability is present in every version within that range.

Risk and Exploitability

The CVSS score of 9.3 denotes a high severity, reflecting the potential for significant data loss or manipulation. The EPSS score is below 1%, indicating that widespread exploitation is unlikely at present, and the vulnerability is not listed in CISA's KEV catalog. The attack vector is inferred to be via standard HTTP requests to the plugin’s functionality that accepts unsanitized input; no prior authentication is required, enabling public attackers to trigger the blind SQL injection.

Generated by OpenCVE AI on March 26, 2026 at 16:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the QuantumCloud ChatBot plugin to the latest version (≥7.8.0) as soon as possible.
  • If an upgrade cannot be performed immediately, disable the plugin until a patch is applied.
  • Restrict external access to the plugin’s endpoints or enforce authenticated usage where feasible.
  • Apply input validation or WAF rules to block SQL injection patterns targeting the plugin.

Generated by OpenCVE AI on March 26, 2026 at 16:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Quantumcloud
Quantumcloud chatbot
Wordpress
Wordpress wordpress
Vendors & Products Quantumcloud
Quantumcloud chatbot
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through <= 7.7.9.
Title WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability
Weaknesses CWE-89
References

Subscriptions

Quantumcloud Chatbot
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-26T13:47:10.985Z

Reserved: 2026-03-12T11:12:07.663Z

Link: CVE-2026-32499

cve-icon Vulnrichment

Updated: 2026-03-26T13:41:49.564Z

cve-icon NVD

Status : Deferred

Published: 2026-03-25T17:17:01.817

Modified: 2026-04-24T16:35:20.070

Link: CVE-2026-32499

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:31:02Z

Weaknesses