Data Modification Vulnerability in AI Scribe SEO Plugin for WordPress
CVE-2024-12606

4.3 MEDIUM

Summary

The AI Scribe plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the engine_request_data() function. The vulnerability affects all versions up to and including 2.3 and allows authenticated users with Subscriber-level access and above to alter plugin settings. Administrators should ensure their installations are updated to mitigate this risk and protect the integrity of the plugin's functionality.
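The bug class described above, shown as an added example that is not the AI Scribe source: a settings handler without and with a capability check. It assumes the handler is reached through a `wp_ajax_` hook, which the advisory does not state; the action name, option name, nonce action and allowed keys are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. The names example_save_settings,
// example_plugin_settings and the allowed keys are hypothetical.

// BEFORE: wp_ajax_* callbacks run for every logged-in user, Subscribers
// included. With no capability check, any of them can overwrite the option.
function example_save_settings_unchecked() {
    $settings = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    update_option( 'example_plugin_settings', $settings );
    wp_send_json_success();
}

// AFTER: verify intent (nonce) and authority (capability) before writing.
function example_save_settings_checked() {
    // Dies with a 403 if the request carries no valid nonce (CSRF protection).
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // A nonce is not authorization: a Subscriber can obtain one from any page
    // that prints it. Only the capability check limits who may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $raw = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();

    // Store only known keys, sanitized, instead of the raw request array.
    $allowed = array( 'model', 'language' );
    $clean   = array();
    foreach ( $allowed as $key ) {
        if ( isset( $raw[ $key ] ) && is_string( $raw[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( $raw[ $key ] );
        }
    }

    update_option( 'example_plugin_settings', $clean );
    wp_send_json_success();
}

// Register only the checked handler. No wp_ajax_nopriv_ hook is added, so
// unauthenticated requests never reach it.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_checked' );
```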

Affected Version(s)

AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) * <= 2.3

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Credit

Peter Thaleikis