CVE-2024-6845

Exploit

EPSS 22.08%
Veröffentlicht 25.09.2024 06:15:05
Zuletzt bearbeitet 20.01.2026 18:45:07
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Chatbot with ChatGPT <= 2.4.5 - Missing Authorization to Unauthenticated OpenAI API Key Exposure

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key

Mögliche Gegenmaßnahme

Chatbot with ChatGPT WordPress: Update to version 2.4.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Chatbot with ChatGPT WordPress

Version *-2.4.5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webdigit ≫ Chatbot With Chatgpt SwPlatformwordpress Version < 2.4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.08%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/cfaaa843-d89e-42d4-90d9-988293499d26/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/1f2cfb14-1076-492f-8a1b-ae04b47dc6fa

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-6845

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6845

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6845

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-6845