CVE-2026-40788 HIGH

CVE-2026-40788: WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Vendor Quantumcloud
Product ChatBot
Weakness CWE-862 · Missing authorization
Published June 15, 2026
Last update June 16, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.

Explanation of Vulnerability in Simple Terms

02Summary

QuantumCloud ChatBot versions up to 7.9.7 lack proper authorization checks, allowing authenticated users to modify data and disrupt service availability. An attacker with low-level access can bypass permission controls to alter content or trigger denial-of-service conditions. Update to version 8.4.8 or later to remediate.

What an attacker can do

03Attacker Capabilities

Modify data and cause service disruption without proper authorization.

Potential impact on your site

04Site Impact

Authenticated users can alter content and crash the chatbot without admin approval.

Conditions required to exploit

05Prerequisites

Attacker must have a valid user account with low-level privileges.

Key dates

06Disclosure timeline

June 15, 2026 CVE published
June 16, 2026 Record updated

Related vulnerabilities

08Related CVE