CVE-2024-7714
AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
Public Exploits: 1
Exploited in Wild: -
Descriptions
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls, allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling it. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'.
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like 'ays_chatgpt_disconnect' hooked via an AJAX action ays_chatgpt_admin_ajax in versions up to, and including, 2.0.9. This makes it possible for unauthenticated attackers to perform unauthorized actions like disconnecting the plugin.
SSVC
- Decision: Attend
Timeline
- 2024-08-12 CVE Reserved
- 2024-09-05 CVE Published
- 2024-09-27 First Exploit
- 2024-10-03 CVE Updated
- 2024-10-08 EPSS Updated
CWE
- CWE-862: Missing Authorization
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664 | 2024-09-27 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Unknown | AI ChatBot With ChatGPT And Content Generator | < 2.1.0 | en | Affected |