CVE-2024-6846

EUVD-2024-47849
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
webdigitchatbot_with_chatgpt
𝑥
< 2.4.5
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
smartsearchwpchatbot_with_chatgpt_wordpress
𝑥
< 2.4.5
ADP
References
https://wpscan.com/vulnerability/d48fdab3-669c-4870-a2f9-6c39a7c25fd8/