Unauthorized Data Modification Vulnerability in AI ChatBot Plugin for WordPress
CVE-2024-0452
7.7HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 22 May 2024
What is CVE-2024-0452?
The AI ChatBot plugin for WordPress has a vulnerability that permits unauthorized data modification due to an absence of necessary capability checks in the openai_file_upload_callback function. All versions up to and including 5.3.4 are affected, allowing authenticated attackers with subscriber-level access or higher to upload arbitrary files to an associated OpenAI account, posing potential risks to the integrity and security of user data.
Affected Version(s)
AI ChatBot for WordPress – WPBot * <= 5.3.4