Unauthorized Access Vulnerability in Aiomatic Plugin for WordPress by CodeRevolution
CVE-2024-13816
Key Information:
- Vendor: WordPress
- CVE Published: 8 March 2025
What is CVE-2024-13816?
The Aiomatic plugin for WordPress has several security weaknesses due to insufficient capability checks, allowing authenticated attackers with Subscriber-level access or above to perform unauthorized actions. These actions include the ability to update and delete posts, manage batches, list uploaded files, and delete various elements such as personas and templates. This vulnerability poses a significant risk of data loss and unapproved modifications to content, impacting the integrity of the site. A partial fix was released in version 2.3.5.
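The missing capability check described above, shown as an added example that is not Aiomatic's own code: a WordPress AJAX handler that deletes a post with no authorization check, beside a hardened version. The action, nonce and function names are hypothetical.

```php
<?php
// Added illustration. All names prefixed "example_" are hypothetical and do
// not come from the Aiomatic plugin.

// BEFORE (shown for comparison, deliberately not registered).
// If hooked on wp_ajax_example_delete_post, WordPress would run it for ANY
// logged-in user, Subscribers included: wp_ajax_* only proves the caller is
// authenticated, not that they may perform the action.
function example_delete_post_unchecked() {
    $id = isset($_POST['id']) ? absint($_POST['id']) : 0;
    wp_delete_post($id, true); // no nonce, no capability check
    wp_send_json_success();
}

// AFTER: the same action with the checks the handler needs.
add_action('wp_ajax_example_delete_post', 'example_delete_post_checked');
function example_delete_post_checked() {
    // 1. Request integrity: reject requests without a valid nonce (CSRF).
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer('example_delete_post', 'nonce');

    $id = isset($_POST['id']) ? absint($_POST['id']) : 0;
    if ($id === 0 || get_post($id) === null) {
        wp_send_json_error(array('message' => 'Not found'), 404);
    }

    // 2. Authorization: the meta capability 'delete_post' is evaluated
    //    against this specific post, so a Subscriber is refused and an
    //    Author can only delete their own content.
    if (!current_user_can('delete_post', $id)) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // 3. Only now perform the state-changing operation.
    if (!wp_delete_post($id, true)) {
        wp_send_json_error(array('message' => 'Delete failed'), 500);
    }
    wp_send_json_success(array('deleted' => $id));
}
```

The same two checks apply to every state-changing or data-listing handler a plugin exposes, not only deletion.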

Affected Version(s)
Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit * <= 2.3.6