5.3
CVE-2024-6845
- EPSS 1.08%
- Veröffentlicht 25.09.2024 06:15:05
- Zuletzt bearbeitet 20.01.2026 18:45:07
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginSmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure
Chatbot with ChatGPT <= 2.4.5 - Missing Authorization to Unauthenticated OpenAI API Key Exposure
The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key
Mögliche Gegenmaßnahme
Chatbot with ChatGPT WordPress: Update to version 2.4.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webdigit ≫ Chatbot With Chatgpt SwPlatformwordpress Version < 2.4.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Chatbot with ChatGPT WordPress
Version
*-2.4.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.08% | 0.609 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://wpscan.com/vulnerability/cfaaa843-d89e-42d4-90d9-988293499d26/
https://www.wordfence.com/threat-intel/vulnerabilities/id/1f2cfb14-1076-492f-8a1b-ae04b47dc6fa