Unauthorized Access Vulnerability in Aiomatic Plugin for WordPress by CodeRevolution
CVE-2024-13816

5.4 MEDIUM

Summary

The Aiomatic plugin for WordPress has several security weaknesses due to insufficient capability checks, allowing authenticated attackers with Subscriber-level access or above to perform unauthorized actions. These actions include the ability to update and delete posts, manage batches, list uploaded files, and delete various elements such as personas and templates. This vulnerability poses a significant risk of data loss and unapproved modifications to content, impacting the integrity of the site. A partial fix was released in version 2.3.5.
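The pattern behind this class of bug, as an added illustration that is not the plugin's own code: a hypothetical `admin-ajax.php` handler (the `example_plugin_*` names and the `delete_post` action are invented for this example) shown first without a capability check, then with the nonce and capability checks a hardened handler needs.

```php
<?php
// Added example, not Aiomatic's code. Hook, function and nonce names are
// hypothetical; the point is the missing check, not any real endpoint.

// BEFORE: a wp_ajax_ hook fires for every logged-in user, Subscribers
// included. With no capability check, any authenticated user can delete
// any post by ID (the same weakness class as CVE-2024-13816).
function example_plugin_delete_post_unchecked() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    wp_delete_post( $post_id, true );
    wp_send_json_success();
}
// Vulnerable registration (left unhooked here so only the fixed handler runs):
// add_action( 'wp_ajax_example_plugin_delete_post', 'example_plugin_delete_post_unchecked' );

// AFTER: reject requests without a valid nonce (CSRF) and without the
// per-post capability. 'delete_post' is a meta capability, so WordPress
// maps it to the right primitive (own post vs. others' posts) per role.
function example_plugin_delete_post_checked() {
    // The client must send the value of wp_create_nonce( 'example_plugin_delete_post' )
    // in the 'nonce' field; on mismatch check_ajax_referer() exits with -1.
    check_ajax_referer( 'example_plugin_delete_post', 'nonce' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    if ( ! wp_delete_post( $post_id, true ) ) {
        wp_send_json_error( 'Delete failed.', 500 );
    }
    wp_send_json_success( array( 'deleted' => $post_id ) );
}
add_action( 'wp_ajax_example_plugin_delete_post', 'example_plugin_delete_post_checked' );
```

For update, list and batch handlers the same shape applies: pick the narrowest capability that matches the action (`edit_post`, `upload_files`, `manage_options`) rather than only testing that the user is logged in.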

Affected Version(s)

Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit <= 2.3.6

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lucio Sá