Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-26932

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5.

References

https://patchstack.com/database/wordpress/plugin/chatbot/vulnerability/wordpres… vdb-entry

Affected products

chatbot

=<6.3.5

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality.

nixos-unstable -
- nixpkgs-unstable 22

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

Package maintainers