CVE-2024-0452

HIGH Year: 2024
CVSS v3 Score
7.7
High
Weakness Type
CWE-862
View all →

Vulnerability Description

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account.

Related Vulnerabilities

CVE-2023-2590

HIGH
CVSS:7.7(High)

Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.

CWE-8622023

CVE-2023-42358

HIGH
CVSS:7.7(High)

An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API co...

CWE-8622023

CVE-2023-51418

HIGH
CVSS:7.7(High)

Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6.

CWE-8622023

CVE-2023-51500

HIGH
CVSS:7.7(High)

Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8.

CWE-8622023

CVE-2023-52713

HIGH
CVSS:7.7(High)

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

CWE-8622023

CVE-2024-0453

HIGH
CVSS:7.7(High)

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and includin...

CWE-8622024