Vulnerabilities and security researches forcliengo cliengo

Mar 31, 2026

CVE, Research URL: CVE-2025-69388
Home page URL: Security reports for Cliengo – Chatbot
Application: Cliengo – Chatbot
Date: Feb 20, 2026
Research Description: Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4.
Affected versions: max 3.0.4.
Status: vulnerable

Jul 22, 2024

CVE, Research URL: CVE-2024-37923
Home page URL: Security reports for Cliengo – Chatbot
Application: Cliengo – Chatbot
Date: Jul 09, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Cliengo – Chatbot.This issue affects Cliengo – Chatbot: from n/a through 3.0.1.
Affected versions: max 3.0.4.
Status: vulnerable

Jul 10, 2024

CVE, Research URL: CVE-2024-5992
Home page URL: Security reports for Cliengo – Chatbot
Application: Cliengo – Chatbot
Date: Jul 09, 2024
Research Description: The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.1. This makes it possible for unauthenticated attackers to change chatbot settings, which can lead to unavailability or other changes to the chatbot.
Affected versions: max 3.0.3.
Status: vulnerable

CVE, Research URL: CVE-2024-5993
Home page URL: Security reports for Cliengo – Chatbot
Application: Cliengo – Chatbot
Date: Jul 09, 2024
Research Description: The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the session token of the chatbot.
Affected versions: max 3.0.3.
Status: vulnerable