Arbitrary File Deletion Vulnerability in WPBot Pro WordPress Chatbot
CVE-2025-60223

7.7HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
17 June 2026

What is CVE-2025-60223?

The WPBot Pro WordPress Chatbot plugin versions 13.6.5 and lower are susceptible to an arbitrary file deletion vulnerability. This flaw allows unauthorized users to delete files from the server, posing a significant security risk to affected websites. Administrators using this plugin should immediately review their implementations and apply necessary updates to mitigate any potential security threats.

Affected Version(s)

WPBot Pro Wordpress Chatbot <= 13.6.5

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
.