Unauthorized Data Modification Vulnerability in AI ChatBot Plugin for WordPress
CVE-2024-0452

7.7HIGH

What is CVE-2024-0452?

The AI ChatBot plugin for WordPress has a vulnerability that permits unauthorized data modification due to an absence of necessary capability checks in the openai_file_upload_callback function. All versions up to and including 5.3.4 are affected, allowing authenticated attackers with subscriber-level access or higher to upload arbitrary files to an associated OpenAI account, posing potential risks to the integrity and security of user data.

Affected Version(s)

AI ChatBot for WordPress – WPBot * <= 5.3.4

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Francesco Carlucci
.
CVE-2024-0452 : Unauthorized Data Modification Vulnerability in AI ChatBot Plugin for WordPress