| 厂商 | 产品 | 版本范围 | 状态 |
|---|---|---|---|
| quantumcloud | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | ≤ 8.4.9 | affected |
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| quantumcloud | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | 0 ~ 8.4.9 | - |
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | WPBot <= 8.4.9 is vulnerable to stored cross-site scripting via the conversation parameter in the qcld_wb_chatbot_conversation_save AJAX action. The AJAX nonce (qcsecretbotnonceval123qc) is publicly emitted on every frontend page via wp_localize_script under the ajax_nonce key, making it freely obtainable by unauthenticated visitors. The conversation parameter is saved to the database without sanitization and rendered unsanitized in the admin chat session view, causing stored XSS that executes when an administrator views saved chat sessions. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-13731.yaml | POC详情 |
未找到公开 POC。
登录以生成 AI POC暂无评论