CVE-2024-7713

EPSS 0.41%
Veröffentlicht 27.09.2024 06:15:11
Zuletzt bearbeitet 18.03.2025 20:15:24
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

AI ChatBot with ChatGPT and Content Generator by AYS <= 2.0.9 - Unauthenticated OpenAI Key Exposure

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it

Mögliche Gegenmaßnahme

AI ChatBot with ChatGPT and Content Generator by AYS: Update to version 2.1.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt AI ChatBot with ChatGPT and Content Generator by AYS

Version *-2.0.9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ays-pro ≫ Chatgpt Assistant SwEditionfree SwPlatformwordpress Version < 2.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.609

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://wpscan.com/vulnerability/061eab97-4a84-4738-a1e8-ef9a1261ff73/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/eb38024c-880d-4d22-b81a-412d46183e1b

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7713

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7713

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7713

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-7713