MxChat – AI Chatbot for WordPress

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access conversation data.

Basic Information

ID CVE-2025-12585

Source Wordfence

Published Dec 3, 2025 at 03:27

Affected Product

Vendor mxchat

Product MxChat – AI Chatbot for WordPress

Version *

Affected Versions mxchat MxChat – AI Chatbot for WordPress *

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "The MxChat \u2013 AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access conversation data.",
    "published": "2025-12-03T03:27:14.561Z",
    "modified": "2025-12-03T03:27:14.561Z",
    "type": "cve",
    "title": "MxChat \u2013 AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cf1a90d-6157-40e7-aed8-4d18bc22432d?source=cve\nhttps://plugins.trac.wordpress.org/browser/mxchat-basic/trunk/includes/class-mxchat-integrator.php#L107\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3406402%40mxchat-basic&new=3406402%40mxchat-basic&sfp_email=&sfph_mail=",
    "id": "CVE-2025-12585",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "mxchat MxChat \u2013 AI Chatbot for WordPress *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MxChat \u2013 AI Chatbot for WordPress",
    "version": "*",
    "vendor": "mxchat",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure_CVE-2025-12585