WordPress Plugin Vulnerabilities

Kognetiks Chatbot < 2.3.6 - Unauthenticated Limited File Uploads and Conversation Erasing

Description

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on several functions. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversations.

Affects Plugins

Fixed in 2.3.6

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Jonas Benjamin Friedli
Verified
No

Timeline

Publicly Published
2025-10-17 (about 8 months ago)
Added
2025-10-21 (about 8 months ago)
Last Updated
2025-10-21 (about 8 months ago)

Other