Security Advisory

CVE-2023-5241

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-19 05:34:10

Last updated 2026-04-08 16:42:20

Assigner Wordfence

State PUBLISHED

Description

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.

← Browse all CVEs View on cve.org ↗