Kognetiks Chatbot

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversations.

Basic Information

ID CVE-2025-11256

Source Wordfence

Published Oct 18, 2025 at 07:26

Affected Product

Vendor kognetiks

Product Kognetiks Chatbot

Version *

Affected Versions kognetiks Kognetiks Chatbot *

CWE Classification

CWE-285

References

{
    "lastseen": "",
    "description": "The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversations.",
    "published": "2025-10-18T07:26:31.541Z",
    "modified": "2025-10-18T07:26:31.541Z",
    "type": "cve",
    "title": "Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8fe389-ff44-4be3-889b-0006977f4f3c?source=cve\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3380317%40chatbot-chatgpt&new=3380317%40chatbot-chatgpt&sfp_email=&sfph_mail=\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3380313%40chatbot-chatgpt&new=3380313%40chatbot-chatgpt&sfp_email=&sfph_mail=",
    "id": "CVE-2025-11256",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "kognetiks Kognetiks Chatbot *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Kognetiks Chatbot",
    "version": "*",
    "vendor": "kognetiks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing_CVE-2025-11256