CVE-2024-12879

Name of the Vulnerable Software and Affected Versions WPBot Pro Wordpress Chatbot plugin for WordPress versions up to, and including, 13.5.5

Description The issue allows authenticated attackers with Subscriber-level access and above to create Simple Text Responses to chat queries due to a missing capability check on the qc wp latest update check pro function. This enables unauthorized modification of data.

Recommendations For versions up to, and including, 13.5.5, consider disabling the qc wp latest update check pro function until a patch is available to prevent unauthorized data modification. Restrict access to the chat query response creation feature to minimize the risk of exploitation. Avoid using the affected function for creating Simple Text Responses until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.