7.5
CVE-2024-7714
- EPSS 0.83%
- Veröffentlicht 27.09.2024 06:15:12
- Zuletzt bearbeitet 07.10.2024 14:21:23
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
AI ChatBot with ChatGPT and Content Generator by AYS <= 2.0.9 - Missing Authorization
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'
Mögliche Gegenmaßnahme
AI ChatBot with ChatGPT and Content Generator by AYS: Update to version 2.1.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ays-pro ≫ Chatgpt Assistant SwEditionfree SwPlatformwordpress Version < 2.1.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
AI ChatBot with ChatGPT and Content Generator by AYS
Version
*-2.0.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.83% | 0.526 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d970e2fa-ba2f-4c0f-8ff4-10041b9c276e