CVE-2024-7714

27.09.2024, 06:15

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and  'ays_chatgpt_save_feedback'

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
WPScan	CNA	---				---
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Vendor	Product	Version
ays-pro	ai_chatbot_with_chatgpt	𝑥 < 2.1.0
ays-pro	chatgpt_assistant	𝑥 < 2.1.0

𝑥

= Vulnerable software versions

Known Exploits!

https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/

References

https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/