CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52384 – WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52384
Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through 2.4.9. The Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ai-content-generator/wordpress-sage-ai-chatbots-openai-gpt-4-bulk-articles-dalle-3-image-generation-plugin-2-4-9-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51528 – WordPress GPT3 AI Content Writer Plugin <= 1.8.12 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-51528
Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Senol Sahin AI Power: Complete AI Pack – Desarrollado por GPT-4. Este problema afecta a AI Power: Complete AI Pack – Desarrollado por GPT-4: desde n/a hasta 1.8.12. The GPT3 AI Content Writer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.12. This is due to missing or incorrect nonce validation on the wpaicg_export_logs_callback() function. • https://patchstack.com/database/vulnerability/gpt3-ai-content-generator/wordpress-ai-power-complete-ai-pack-powered-by-gpt-4-plugin-1-8-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •