{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69388", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:13:11.108Z", "datePublished": "2026-02-20T15:46:54.922Z", "dateUpdated": "2026-04-28T20:58:26.209Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "cliengo", "product": "Cliengo \u2013 Chatbot", "vendor": "cliengo", "versions": [{"changes": [{"at": "3.0.5", "status": "unaffected"}], "lessThanOrEqual": "3.0.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:03:22.429Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in cliengo Cliengo \u2013 Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Cliengo \u2013 Chatbot: from n/a through <= 3.0.4.</p>"}], "value": "Missing Authorization vulnerability in cliengo Cliengo \u2013 Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo \u2013 Chatbot: from n/a through <= 3.0.4."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:39.780Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/cliengo/vulnerability/wordpress-cliengo-chatbot-plugin-3-0-4-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Cliengo \u2013 Chatbot plugin <= 3.0.4 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T21:07:45.647043Z", "id": "CVE-2025-69388", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T20:58:26.209Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69388", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:13:11.108Z", "datePublished": "2026-02-20T15:46:54.922Z", "dateUpdated": "2026-04-28T20:58:26.209Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "cliengo", "product": "Cliengo \u2013 Chatbot", "vendor": "cliengo", "versions": [{"changes": [{"at": "3.0.5", "status": "unaffected"}], "lessThanOrEqual": "3.0.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:03:22.429Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in cliengo Cliengo \u2013 Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Cliengo \u2013 Chatbot: from n/a through <= 3.0.4.</p>"}], "value": "Missing Authorization vulnerability in cliengo Cliengo \u2013 Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo \u2013 Chatbot: from n/a through <= 3.0.4."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:39.780Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/cliengo/vulnerability/wordpress-cliengo-chatbot-plugin-3-0-4-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Cliengo \u2013 Chatbot plugin <= 3.0.4 - Broken Access Control vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-69388", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-23T21:07:45.647043Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T21:07:38.952Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in cliengo Cliengo \u2013 Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo \u2013 Chatbot: from n/a through <= 3.0.4."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en cliengo Cliengo \u2013 Chatbot cliengo permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Cliengo \u2013 Chatbot: desde n/a hasta &lt;= 3.0.4."}], "id": "CVE-2025-69388", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-20T16:22:24.153", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/cliengo/vulnerability/wordpress-cliengo-chatbot-plugin-3-0-4-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.0.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Cliengo \u2013 Chatbot", "source": "cna", "vendor": "cliengo"}, "product": "cliengo_\u2013_chatbot", "vendor": "cliengo"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-27T20:18:29.521837+00:00", "value": {"mitigation_remediation": ["Upgrade Cliengo \u2013 Chatbot to a version newer than 3.0.4.", "Limit plugin functionality to administrator roles by configuring WordPress role permissions.", "Disable the plugin on environments where it is not required.", "Conduct a security scan for other missing authorization issues in the WordPress installation."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized Access to Plugin Functionality"}, "threat_synthesis": {"affected_systems": "WordPress sites using the Cliengo \u2013 Chatbot plugin version 3.0.4 or earlier are affected. The vendor is cliengo, with the product named Cliengo \u2013 Chatbot. No later versions are impacted. Administrators should verify the installed plugin version and apply updates accordingly.", "description_and_impact": "The vulnerability is a Missing Authorization flaw in the Cliengo \u2013 Chatbot WordPress plugin. It allows an attacker to exploit incorrectly configured access control levels to access functionalities that should be restricted to authenticated users. The primary consequence is that a non\u2011authenticated user could potentially view or alter chatbot settings, undermining confidentiality and integrity of the plugin configuration. The weakness is identified as CWE\u2011862.", "risk_and_exploitability": "The CVSS score of 6.5 places the issue in the moderate severity range. The EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, through web requests to the plugin\u2019s endpoints, as the flaw stems from missing authorization checks. While exploitation risk is moderate, a successful attack would lift unauthorized control over the plugin, potentially exposing sensitive configuration data or enabling further escalation if other vulnerabilities exist."}}}}, "created": "2026-02-23T14:37:07.119272+00:00", "updated": "2026-04-27T20:30:12.270923+00:00", "vendors": ["cliengo", "cliengo$PRODUCT$cliengo_\u2013_chatbot", "wordpress", "wordpress$PRODUCT$wordpress"]}