What happened
The WoowBot WooCommerce chatbot plugin (<=4.6.1) contains a stored XSS vulnerability (CVSS 6.5).
Why it matters
Low blast radius (single niche e-commerce chatbot plugin), but XSS in a customer-facing AI chatbot widget could be leveraged for session hijacking or credential theft on WooCommerce storefronts.
Attack vector
Improper input neutralization allows stored XSS in the WooCommerce chatbot plugin.
Affected systems
QuantumCloud ChatBot for eCommerce – WoowBot, through <= 4.6.1
Mitigation
Update beyond 4.6.1 per Patchstack advisory.