Vulnerability  ·  2026-07-14

QuantumCloud ChatBot WordPress Plugin — Stored XSS

VulnerabilityMedium impactGlobalCVE-2026-57363
The QuantumCloud ChatBot WordPress plugin (<=8.3.7) contains a stored XSS vulnerability (CVSS 7.1).
Narrow blast radius limited to WordPress sites running this specific AI chatbot plugin, but stored XSS in a chatbot widget could be used to hijack admin sessions or manipulate chatbot configuration seen by site visitors.
Improper neutralization of input during web page generation allows an attacker to store malicious script content that executes in the context of site visitors/admins interacting with the chatbot.
QuantumCloud ChatBot chatbot plugin, through <= 8.3.7
Update to a patched version beyond 8.3.7 per Patchstack advisory.
Patchstack - ChatBot plugin XSS
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →