Missing Authorization Vulnerability in QuantumCloud ChatBot
CVE-2025-62952

8.8HIGH

Key Information:

Vendor

WordPress
Status
Chatbot
Vendor
CVE Published:
27 October 2025

What is CVE-2025-62952?

The QuantumCloud ChatBot application is susceptible to a missing authorization vulnerability due to incorrectly configured access control security levels. This defect can allow unauthorized users to exploit sensitive functionalities, potentially leading to data exposure and manipulation. Users of versions up to 7.3.0 are particularly at risk, necessitating immediate evaluation and remediation to protect against unauthorized access.

Affected Version(s)

ChatBot <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/chat...
vdb-entry

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter | Patchstack Bug Bounty Program
JSON
.
CVE-2025-62952 : Missing Authorization Vulnerability in QuantumCloud ChatBot