PT-2023-31977 · WordPress · Chatbot
Marco Wotschka · Published 2023-10-18 · Updated 2023-10-25 · CVE-2023-5254
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ChatBot plugin for WordPress versions up to, and including, 4.8.9
Description
The issue allows unauthenticated attackers to extract sensitive data, including confirmation of whether a user name exists on the site and order information for existing users, via the qcld_wb_chatbot_check_user function.
Recommendations
For versions up to, and including, 4.8.9, consider disabling the qcld_wb_chatbot_check_user function as a temporary workaround until a patch is available.
Update to a version later than 4.8.9 to resolve the issue.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Chatbot