PT-2024-31701 · WordPress · Kognetiks Chatbot

Francesco Carlucci · Published 2024-05-11 · Updated 2024-05-14 · CVE-2024-4560

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kognetiks Chatbot for WordPress plugin, versions up to and including 1.9.9
Description: The plugin allows arbitrary file uploads because the chatbot chatgpt upload file to assistant function performs no file type validation. Unauthenticated attackers can therefore upload arbitrary files to the affected site's server, which may make remote code execution possible.
Recommendations: For versions up to and including 1.9.9, update to a version that includes a fix for the missing file type validation in the chatbot chatgpt upload file to assistant function. As a temporary workaround, consider disabling the chatbot chatgpt upload file to assistant function until a patch is available.
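As an added example (not the plugin's own code), the following shows the defensive pattern a WordPress upload handler of the kind described above needs: no handler for unauthenticated callers, a capability and nonce check, a server-side allow-list of file types validated with wp_check_filetype_and_ext() rather than the client-supplied name or MIME type, and wp_handle_upload() re-enforcing that allow-list. The action name, nonce name and allow-list are assumptions chosen for illustration.

```php
<?php
// Added example, not Kognetiks Chatbot code. The action, nonce and
// allow-list names below are assumptions chosen for illustration.

// Only the authenticated AJAX hook is registered. Deliberately no
// 'wp_ajax_nopriv_' hook, so unauthenticated requests have no handler.
add_action( 'wp_ajax_example_upload_to_assistant', 'example_handle_assistant_upload' );

function example_handle_assistant_upload() {
    // 1. Capability and nonce: unprivileged or forged requests are rejected.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_assistant_upload', 'nonce' );

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 2. Server-side allow-list (extension => MIME type). Anything not listed,
    //    including .php, .phtml, .phar or double extensions, is refused.
    $allowed_mimes = array(
        'txt' => 'text/plain',
        'pdf' => 'application/pdf',
        'csv' => 'text/csv',
    );

    // 3. Validate by extension AND content, never by the client's MIME claim.
    //    wp_check_filetype_and_ext() inspects the file and sets
    //    'proper_filename' when the extension does not match the content.
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'],
        sanitize_file_name( $_FILES['file']['name'] ),
        $allowed_mimes
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) || ! empty( $check['proper_filename'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // 4. Let WordPress move the file into the uploads directory; the 'mimes'
    //    override re-applies the allow-list and the filename is sanitized.
    $result = wp_handle_upload(
        $_FILES['file'],
        array( 'test_form' => false, 'mimes' => $allowed_mimes )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    wp_send_json_success( array( 'file' => basename( $result['file'] ) ) );
}
```

The same checks apply to a REST route or a custom form handler; the essential point is that the set of accepted types is decided server-side and verified against file content before anything is written to disk.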

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2024-4560

Affected Products: Kognetiks Chatbot