7.5
CVE-2024-7714
- EPSS 23.89%
- Veröffentlicht 27.09.2024 06:15:12
- Zuletzt bearbeitet 07.10.2024 14:21:23
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAI ChatBot with ChatGPT and Content Generator by AYS <= 2.0.9 - Missing Authorization
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'
Mögliche Gegenmaßnahme
AI ChatBot with ChatGPT and Content Generator by AYS: Update to version 2.1.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
AI ChatBot with ChatGPT and Content Generator by AYS
Version
*-2.0.9
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ays-pro ≫ Chatgpt Assistant SwEditionfree SwPlatformwordpress Version < 2.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 23.89% | 0.958 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|