exploitDog

CVE-2024-7714

Опубликовано: 27 сент. 2024

Источник: nvd

CVSS3: 7.5

CVSS3: 6.5

EPSS Средний

Описание

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'

Ссылки

https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ays-pro:chatgpt_assistant:*:*:*:*:free:wordpress:*:*

Версия до 2.1.0 (исключая)

EPSS

Процентиль: 96%

0.23886

Средний

7.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-xfx4-9q4j-5v3q

CVSS3: 6.5

github

больше 1 года назад

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'

EPSS

Процентиль: 96%

0.23886

Средний

7.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo