PT-2024-14117 · WordPress+1 · Wordpress+1
Rafie Muhammad · Published 2024-01-09 · Updated 2026-06-07 · CVE-2023-51409
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AI Engine: ChatGPT Chatbot versions 1.9.98 and earlier
Description
AI Engine: ChatGPT Chatbot contains an Unrestricted Upload of File with Dangerous Type vulnerability. It allows unauthenticated arbitrary file uploads, which may result in remote code execution. It is estimated that around 50,000 WordPress sites are potentially affected. The vulnerability has been identified in the rest upload endpoint.
Recommendations
For AI Engine: ChatGPT Chatbot versions 1.9.98 and earlier, update to version 1.9.99 or later to resolve the issue.
As a temporary workaround, consider disabling the rest upload endpoint until a patch is available.
Restrict access to the AI Engine: ChatGPT Chatbot plugin to minimize the risk of exploitation.
Exploit · Fix · RCE · Unrestricted File Upload
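One way to act on the update recommendation across many installs, as an added example that is not part of the advisory or the plugin's own code: it reads WordPress plugin headers under a plugins directory and flags AI Engine copies older than 1.9.99. Matching on a header name that starts with "AI Engine" is an assumption, and the folder names in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 9, 99)         # first fixed release per the advisory
NAME_PREFIX = "ai engine"  # assumption: the plugin header name starts with this

# Same header shape WordPress parses: optional comment chars, then "Field: value".
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_version(text):
    """'1.9.98' -> (1, 9, 98); numeric tuples sort 1.9.100 after 1.9.99."""
    parts = re.findall(r"\d+", text)
    return tuple(map(int, parts)) if parts else None

def audit(plugins_dir):
    """Return [(folder, version, status)] for each AI Engine copy under plugins_dir."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        fields = {k.lower(): v for k, v in HEADER.findall(head)}
        if not fields.get("plugin name", "").lower().startswith(NAME_PREFIX):
            continue
        version = parse_version(fields.get("version", ""))
        if version is None:
            status = "unknown"      # no Version header: inspect by hand
        elif version < FIXED:
            status = "vulnerable"   # 1.9.98 and earlier
        else:
            status = "fixed"
        findings.append((php.parent.name, version, status))
    return findings

def demo():
    """Run the audit over a constructed plugins tree (folder names are made up)."""
    samples = {
        "site-a-ai-engine": "<?php\n/*\nPlugin Name: AI Engine\nVersion: 1.9.98\n*/\n",
        "site-b-ai-engine": "<?php\n/*\n * Plugin Name: AI Engine\n * Version: 1.9.100\n */\n",
        "site-c-ai-engine": "<?php\n/*\nPlugin Name: AI Engine\n*/\n",
        "unrelated-plugin": "<?php\n/*\nPlugin Name: Contact Form\nVersion: 1.0\n*/\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, body in samples.items():
            Path(root, folder).mkdir()
            Path(root, folder, "main.php").write_text(body)
        return audit(root)
```

Point `audit()` at a real `wp-content/plugins` directory to use it; comparing versions as integer tuples is what keeps 1.9.100 from being misread as older than 1.9.99.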
Affected Products
Ai Engine: Chatgpt Chatbot
Wordpress