{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32499", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:12:07.663Z", "datePublished": "2026-03-25T16:15:00.491Z", "dateUpdated": "2026-03-25T16:15:00.491Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "chatbot", "product": "ChatBot", "vendor": "QuantumCloud", "versions": [{"changes": [{"at": "7.8.0", "status": "unaffected"}], "lessThanOrEqual": "<= 7.7.9", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Ba Khanh | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:38.109Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.<p>This issue affects ChatBot: from n/a through <= 7.7.9.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through <= 7.7.9."}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "Blind SQL Injection"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:15:00.491Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/chatbot/vulnerability/wordpress-chatbot-plugin-7-7-9-sql-injection-vulnerability?_s_id=cve"}], "title": "WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through <= 7.7.9."}], "id": "CVE-2026-32499", "lastModified": "2026-03-25T17:17:01.817", "metrics": {}, "published": "2026-03-25T17:17:01.817", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/chatbot/vulnerability/wordpress-chatbot-plugin-7-7-9-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.7.9]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ChatBot", "source": "cna", "vendor": "QuantumCloud"}, "product": "chatbot", "vendor": "quantumcloud"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T19:22:58.069038+00:00", "value": {"mitigation_remediation": ["Update the ChatBot plugin to a version newer than 7.7.9.", "If upgrading is not immediately possible, disable or remove the plugin until a patch is released.", "Deploy a web application firewall to block suspicious SQL patterns targeting the plugin."], "summary": {"action": "Immediate Patch", "impact": "Blind SQL Injection"}, "threat_synthesis": {"affected_systems": "QuantumCloud ChatBot plugin for WordPress is vulnerable in all installed versions up to and including 7.7.9. Any website that has this plugin installed without upgrading beyond version 7.7.9 is affected. No other specific version details are publicly listed.", "description_and_impact": "The vulnerability is an SQL Injection flaw arising from improper neutralization of special characters in SQL commands. It permits attackers to conduct blind SQL Injection against the database used by the WordPress ChatBot plugin. Successful exploitation would allow an attacker to read, modify, or delete data stored in the WordPress database, potentially exposing sensitive content or enabling unauthorized changes to site information.", "risk_and_exploitability": "The flaw carries a high risk to the confidentiality and integrity of the WordPress database. Although a CVSS score is not publicly provided, the nature of blind SQL Injection suggests a significant potential for exploitation. The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a crafted HTTP request to the plugin\u2019s interface, which may be sent by any authenticated or unauthenticated user with network access to the site."}}}}, "created": "2026-03-25T21:43:29.444192+00:00", "updated": "2026-03-26T11:37:29.040189+00:00", "vendors": ["quantumcloud", "quantumcloud$PRODUCT$chatbot", "wordpress", "wordpress$PRODUCT$wordpress"]}