PT-2023-31969 · WordPress · The Ai Chatbot For Wordpress

Marco Wotschka · Published 2023-10-18 · Updated 2023-12-22

CVE-2023-5241

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: The AI ChatBot for WordPress versions up to, and including, 4.8.9; The AI ChatBot for WordPress version 4.9.2

Description: The vulnerability allows subscriber-level (authenticated, low-privilege) attackers to perform directory traversal via the qcld_openai_upload_pagetraining_file function, appending "<?php" to any existing file on the server. When the target is a critical file, this leads to a Denial of Service (DoS).

Recommendations: For versions up to, and including, 4.8.9 and for version 4.9.2, consider disabling the qcld_openai_upload_pagetraining_file function until a patch is available. As a temporary workaround, restrict access to critical files such as wp-config.php to minimize the risk of exploitation.
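The three controls whose absence this advisory describes (a capability check stronger than subscriber, confinement of the destination filename to one directory, and refusal to append to existing files) can be combined in an upload handler as below. This is an added illustration, not the plugin's code; the nonce action name, the training directory name and the `.txt`-only rule are assumptions.

```php
<?php
// Added example (not the plugin's code): a hardened save path for a
// WordPress training-file upload. Assumed names: nonce action
// 'qc_training_upload', directory 'chatbot-training' under wp-content/uploads.

function safe_training_upload_path(string $base_dir, string $user_filename): ?string {
    // Drop any directory component the client supplied ("../", absolute paths).
    $name = basename($user_filename);
    // Conservative allow-list: alphanumeric start, short, .txt only, no dotfiles.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.txt$/', $name)) {
        return null;
    }
    $real_base = realpath($base_dir);
    if ($real_base === false) {
        return null;
    }
    $target = $real_base . DIRECTORY_SEPARATOR . $name;
    // Never touch an existing file: the advisory's impact comes from appending
    // to files that already exist, such as wp-config.php.
    if (file_exists($target)) {
        return null;
    }
    // Defence in depth: the resolved parent must be exactly the base directory.
    $parent = realpath(dirname($target));
    if ($parent === false || $parent !== $real_base) {
        return null;
    }
    return $target;
}

function handle_training_upload(): void {
    // Subscriber-level accounts must not reach this code path.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }
    check_ajax_referer('qc_training_upload', 'nonce');

    $base = trailingslashit(wp_upload_dir()['basedir']) . 'chatbot-training';
    wp_mkdir_p($base);

    $path = safe_training_upload_path($base, (string) ($_POST['filename'] ?? ''));
    if ($path === null) {
        wp_send_json_error('invalid filename', 400);
    }
    // 'x' mode creates the file exclusively and fails instead of appending if
    // a race created it between the check above and this write.
    $fh = @fopen($path, 'x');
    if ($fh === false) {
        wp_send_json_error('could not create file', 409);
    }
    fwrite($fh, wp_kses_post((string) ($_POST['content'] ?? '')));
    fclose($fh);
    wp_send_json_success(['file' => basename($path)]);
}
```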

Tags: Exploit, Fix, DoS, Path traversal


Related Identifiers: CVE-2023-5241

Affected Products: The Ai Chatbot For Wordpress