WordPress Plugin Vulnerabilities

ChatBot < 7.4.0 - Missing Authorization

Description

The AI ChatBot – WPBot for Live Support and Lead Generation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.3.9. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
chatbot
Fixed in 7.4.0

References

CVE
CVE-2025-64277
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c18d155-9c9d-4ffa-8faa-09bb67406266

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
n0_arafat_n0
Verified
No
WPVDB ID
e8b8327b-a433-4066-9c47-e329aec1a76b

Timeline

Publicly Published
2025-10-12 (about 7 months ago)
Added
2025-11-17 (about 5 months ago)
Last Updated
2025-11-17 (about 5 months ago)

Other

Published
Title
Published
2025-05-16
Title
Pinterest Automatic Pin <= 4.19.0 - Missing Authorization
Published
2022-07-18
Title
MultiSafepay < 4.16.0 - Unauthenticated Arbitrary File Access
Published
2026-01-12
Title
WP Duplicate Page < 1.8.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication
Published
2025-11-24
Title
Autochat Automatic Conversation <= 1.1.9 - Missing Authorization to Unauthenticated Settings Update
Published
2025-04-07
Title
Motors – Car Dealership & Classified Listings Plugin < 1.4.67 - Missing Authorization to Authenticated (Subscriber+) Wizard Set-up