Cyber Resilience

CVE-2023-5212

CriticalPublic PoC

Published: 19 October 2023

Published
19 October 2023
Modified
08 April 2026
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
EPSS Score 0.0031 54.4th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-5212 is a critical-severity Path Traversal (CWE-22) vulnerability in Quantumcloud Wpbot. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked in the top 45.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: External Harms (AML.T0048).

EU & UK References

Vulnerability details

The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the…

more

server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
The vulnerability affects the AI ChatBot plugin for WordPress, which provides AI-powered chatbot functionality as an assistant integrated into websites, fitting the Enterprise AI Assistants category.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Arbitrary file deletion enables indicator removal by deleting files and artifacts (T1070.004) and impairing defenses by disabling or deleting security tools (T1562.001).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0048: External Harms

Affected Assets

quantumcloud
wpbot
4.9.2 · ≤ 4.9.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References