PT-2024-15572 · WordPress · Ai Chatbot

Francesco Carlucci

Published

2024-05-22

Updated

2025-05-12

CVE-2024-0453

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions AI ChatBot plugin for WordPress versions up to, and including, 5.3.4

Description The issue allows authenticated attackers with subscriber-level access and above to delete files from a linked OpenAI account due to a missing capability check on the openai file delete callback function. This enables unauthorized modification of data.

Recommendations For versions up to, and including, 5.3.4, update to a version that includes a fix for the missing capability check on the openai file delete callback function. As a temporary workaround, consider disabling the openai file delete callback function until a patch is available.

Fix

Improper Access Control

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-862

Related Identifiers

CVE-2024-0453

Affected Products

Ai Chatbot

PT-2024-15572 · WordPress · Ai Chatbot

CVE-2024-0453

Weakness Enumeration

Related Identifiers

Affected Products

References · 8