CVE-2025-60223— WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability
Possible ATT&CK Techniques 1AI
T1083 · File and Directory DiscoveryAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| QuantumCloud | WPBot Pro Wordpress Chatbot | n/a≤ 13.6.5 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-60223
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
QuantumCloud WPBot Pro Wordpress Chatbot 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WPBot Pro Wordpress Chatbot是QuantumCloud公司的一款WordPress对话机器人插件。 QuantumCloud WPBot Pro Wordpress Chatbot 13.6.5及之前版本存在路径遍历漏洞,该漏洞源于路径遍历问题,可能导致订阅者进行任意文件删除。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| QuantumCloud | WPBot Pro Wordpress Chatbot | n/a ~ 13.6.5 | - |
II. Public POCs for CVE-2025-60223
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-60223
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-60223 (1)
IV. Related Vulnerabilities
Same product: WPBot Pro Wordpress Chatbot
Same vendor: QuantumCloud
- CVE-2024-32729
WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arb - CVE-2026-40788
WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vu - CVE-2026-53742
Simple Link Directory through 9.0.4 Stored XSS via Embed Sho - CVE-2026-53741
Simple Link Directory through 9.0.4 Stored XSS via sld_no_re - CVE-2026-7209
Simple Link Directory <= 8.9.2 - Authenticated (Contributor+
Same weakness: CWE-22
- CVE-2026-54414
FileRise shared-folder upload path traversal allows arbitrar - CVE-2026-8713
Avada (Fusion) Builder <= 3.15.3 - Unauthenticated Arbitrary - CVE-2026-7547
Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary Fi - CVE-2026-56078
PraisonAI - Arbitrary File Read and Write via Path Traversal - CVE-2026-54017
Open WebUI: Path traversal / SSRF in terminal server proxy v
V. Comments for CVE-2025-60223
No comments yet