CVE-2024-12471 – Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2024-12471

06 Jan 2025 — The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. El complemento The Post Saint: ChatGPT, ... • https://github.com/RandomRobbieBF/CVE-2024-12471 • CWE-94: Improper Control of Generation of Code ('Code Injection') •