The Kognetiks Chatbot plugin facilitates communication and interaction with site visitors via automated chat functionalities. However, a missing capability check in several functions enables threat actors to bypass authentication processes and execute unauthorized actions. Specifically, attackers can upload certain types of files that are typically deemed safe. Additionally, the vulnerability allows these attackers to erase chat conversations, potentially leading to data loss and an interruption in service. The lack of proper authorization checks represents a significant oversight in the plugin's security architecture. This vulnerability could be exploited by an attacker with minimal technical knowledge, placing a large number of WordPress installations at risk. No severity rating was assigned; however, the potential impact on confidentiality and integrity is evident.

To mitigate this vulnerability, ensure that all plugins are routinely updated to their latest versions. Establish robust permissions management by setting strong, unique passwords for WordPress admin accounts and using a plugin that automatically checks for and notifies of any vulnerability in plugins. Consider implementing a firewall to filter traffic and employing security plugins that provide capability checks.