CVE-2024-7714

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:ays-pro:chatgpt_assistant:*:*:*:*:free:wordpress:*:*

History

07 Oct 2024, 14:21

Type Values Removed Values Added
CPE cpe:2.3:a:ays-pro:chatgpt_assistant:*:*:*:*:free:wordpress:*:*
First Time Ays-pro
Ays-pro chatgpt Assistant
CWE NVD-CWE-noinfo
References () https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/ - () https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/ - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 7.5

27 Sep 2024, 17:35

Type Values Removed Values Added
Summary
  • (es) El complemento The AI ChatBot with ChatGPT and Content Generator by AYS para WordPress anterior a la versión 2.1.0 carece de controles de acceso suficientes que permitan a un usuario no autenticado desconectar el AI ChatBot con el complemento ChatGPT y Content Generator de AYS para WordPress anterior a la versión 2.1.0 de OpenAI, deshabilitando así el AI ChatBot con el complemento ChatGPT y Content Generator de AYS para WordPress anterior a la versión 2.1.0. Se puede acceder a varias acciones: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect' y 'ays_chatgpt_save_feedback'
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

27 Sep 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-27 06:15

Updated : 2024-10-07 14:21


NVD link : CVE-2024-7714

Mitre link : CVE-2024-7714

CVE.ORG link : CVE-2024-7714


JSON object : View

Products Affected

ays-pro

  • chatgpt_assistant