Vulnerability  ·  2026-07-14

QuantumCloud WoowBot Chatbot for WooCommerce — Stored XSS

VulnerabilityMedium impactGlobalCVE-2026-57414
The WoowBot WooCommerce chatbot plugin (<=4.6.1) contains a stored XSS vulnerability (CVSS 6.5).
Low blast radius (single niche e-commerce chatbot plugin), but XSS in a customer-facing AI chatbot widget could be leveraged for session hijacking or credential theft on WooCommerce storefronts.
Improper input neutralization allows stored XSS in the WooCommerce chatbot plugin.
QuantumCloud ChatBot for eCommerce – WoowBot, through <= 4.6.1
Update beyond 4.6.1 per Patchstack advisory.
Patchstack - WoowBot plugin XSS
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →