PT-2024-37280 · WordPress · The Aiomatic

István Márton · Published 2024-07-27 · Updated 2025-08-08 · CVE-2024-5969

CVSS v3.1: 5.8 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The AIomatic - Automatic AI Content Writer for WordPress versions up to, and including, 2.0.5
Description: The issue is due to insufficient restrictions on the email recipient and the email content in the aiomatic send email function, which is reachable via AJAX. This allows unauthenticated attackers to send emails with any content to any recipient.
Recommendations: For versions up to, and including, 2.0.5, consider disabling the aiomatic send email function until a patch is available to prevent exploitation. Restrict access to AJAX endpoints related to this function to minimize the risk of unauthorized email sending.
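
One way to apply the AJAX restriction recommended above while the plugin stays installed, as an added example that is not code from this advisory or from the Aiomatic plugin: a WordPress must-use plugin that rejects unauthenticated admin-ajax.php requests for the affected action. The action name is a placeholder assumption, because the advisory does not give it; take the real value from the plugin's `wp_ajax_nopriv_` hook registrations.

```php
<?php
/**
 * Plugin Name: Block unauthenticated Aiomatic email AJAX (temporary mitigation)
 *
 * Added example, not part of the advisory or of Aiomatic itself.
 * Save as wp-content/mu-plugins/block-aiomatic-email-ajax.php so it loads
 * before regular plugins and cannot be deactivated from the dashboard.
 */

// ASSUMPTION: placeholder. Replace with the AJAX action name(s) the plugin
// registers for its send email function (the advisory does not list them).
const AIOMATIC_BLOCKED_AJAX_ACTIONS = array(
    'REPLACE_WITH_AIOMATIC_SEND_EMAIL_ACTION',
);

// admin-ajax.php fires admin_init before it dispatches the
// wp_ajax_* / wp_ajax_nopriv_* hooks, so the request can be stopped here.
add_action('admin_init', function () {
    // Only act on AJAX requests from visitors who are not logged in.
    if (!wp_doing_ajax() || is_user_logged_in()) {
        return;
    }

    $action = (isset($_REQUEST['action']) && is_string($_REQUEST['action']))
        ? $_REQUEST['action']
        : '';

    if (!in_array($action, AIOMATIC_BLOCKED_AJAX_ACTIONS, true)) {
        return;
    }

    // Leave a trace for the operations team; the action is taken from the
    // allow-listed constant above, so nothing attacker-controlled is logged
    // except the source address reported by the web server.
    $source = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log(sprintf('Blocked unauthenticated AJAX action "%s" from %s', $action, $source));

    // Unregister the handler as well, then end the request with HTTP 403.
    remove_all_actions('wp_ajax_nopriv_' . $action);
    wp_die('Forbidden', 'Forbidden', array('response' => 403));
}, 0);
```

This only covers unauthenticated callers, which is the exposure the advisory describes; remove the file once a fixed plugin version is installed.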

Fix

RCE

Weakness Enumeration

Related Identifiers: CVE-2024-5969

Affected Products: The Aiomatic