WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-45063

8.8HIGH

Key Information:

Vendor: WordPress
Status: AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One
Vendor: CVE Published:; 12 October 2023

Summary

The ReCorp AI Content Writing Assistant plugin, specifically versions 1.1.5 and earlier, is susceptible to Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows unauthorized commands to be transmitted from a user that the web application trusts. Exploitation of this vulnerability could lead to unauthorized actions being executed within the plugin without the consent of the user, thereby posing significant security risks.

Affected Version(s)

AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One <= 1.1.5

References

https://patchstack.com/database/vulnerability/ai-content-...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2023
Vulnerability Reserved
Oct 3, 2023

Credit

konagash (Patchstack Alliance)