| CVE-2026-4263 | Incorrect authorization in HiJiffy Chatbot | HiJiffy | HiJiffy Chatbot | 中危 | - | 2026-03-26 09:12:46 | Deep Dive |
| CVE-2026-4262 | Incorrect authorization in HiJiffy Chatbot | HiJiffy | HiJiffy Chatbot | 中危 | - | 2026-03-26 09:06:22 | Deep Dive |
| CVE-2026-32499 | WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability | QuantumCloud | ChatBot | 中危 | - | 2026-03-25 16:15:00 | Deep Dive |
| CVE-2026-3506 | WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover | larrykim | WP-Chatbot for Messenger | Medium | 5.3 | 2026-03-21 03:26:40 | Deep Dive |
| CVE-2026-4038 | Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call | CodeRevolution | Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit | Critical | 9.8 | 2026-03-20 03:37:02 | Deep Dive |
| CVE-2026-1336 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification | ays-pro | AI ChatBot with ChatGPT and Content Generator by AYS | Medium | 5.3 | 2026-03-02 23:22:55 | Deep Dive |
| CVE-2025-69388 | WordPress Cliengo – Chatbot plugin <= 3.0.4 - Broken Access Control vulnerability | cliengo | Cliengo – Chatbot | - | - | 2026-02-20 15:46:55 | Deep Dive |
| CVE-2026-25338 | WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability | Ays Pro | AI ChatBot with ChatGPT and Content Generator by AYS | - | - | 2026-02-19 08:26:58 | Deep Dive |
| CVE-2026-0736 | Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field | collectchat | Chatbot for WordPress by Collect.chat ⚡️ | Medium | 6.4 | 2026-02-14 06:42:37 | Deep Dive |
| CVE-2026-1400 | AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint | tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress | High | 7.2 | 2026-01-28 08:26:56 | Deep Dive |
| CVE-2026-0746 | AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery | tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress | Medium | 6.4 | 2026-01-27 18:27:56 | Deep Dive |
| CVE-2025-13921 | weDocs <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update | wedevs | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | Medium | 4.3 | 2026-01-23 13:24:24 | Deep Dive |
| CVE-2025-15266 | GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting | ahmadgb | GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation | High | 7.2 | 2026-01-14 05:28:11 | Deep Dive |
| CVE-2025-14574 | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.1.15 - Unauthenticated Sensitive Information Exposure | wedevs | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | Medium | 5.3 | 2026-01-09 06:34:56 | Deep Dive |
| CVE-2025-13887 | AI BotKit <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wisdmlabs | AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code | Medium | 6.4 | 2026-01-07 09:20:56 | Deep Dive |
| CVE-2025-12505 | weDocs <= 2.1.14 - Missing Authorization to Settings Update | wedevs | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | Medium | 5.4 | 2025-12-06 04:37:50 | Deep Dive |
| CVE-2025-12585 | MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure | mxchat | MxChat – AI Chatbot & Content Generation for WordPress | Medium | 5.3 | 2025-12-03 03:27:15 | Deep Dive |
| CVE-2025-13381 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads | ays-pro | AI ChatBot with ChatGPT and Content Generator by AYS | Medium | 5.3 | 2025-11-27 09:27:50 | Deep Dive |
| CVE-2025-13378 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter | ays-pro | AI ChatBot with ChatGPT and Content Generator by AYS | Medium | 6.5 | 2025-11-27 09:27:48 | Deep Dive |
| CVE-2025-12973 | S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload | oc3dots | S2B AI Assistant – ChatBot, AI Agents, ChatGPT API, Image Generator | High | 7.2 | 2025-11-21 16:28:14 | Deep Dive |