PT-2024-37900 · WordPress · Chatbot With Chatgpt Wordpress Plugin

Bob Matyas · Published 2024-09-04 · Updated 2025-05-16 · CVE-2024-6846

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Chatbot with ChatGPT WordPress plugin versions prior to 2.4.5

Description

The issue concerns improper access controls in the REST route handler of the Chatbot with ChatGPT WordPress plugin. Because the plugin does not validate access on some REST routes, an unauthenticated user can purge error and chat logs.

Recommendations

Upgrade the Chatbot with ChatGPT WordPress plugin to version 2.4.5 or later to mitigate the risk of remote exploitation. As a temporary workaround, consider restricting access to the REST routes until the plugin is updated.
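
One way to apply the temporary workaround is a must-use plugin that rejects non-administrator requests to the plugin's REST routes before they are dispatched. This is an added example, not code from the plugin or from this advisory; the namespace prefix is a placeholder because the advisory does not name the affected routes.

```php
<?php
/**
 * Plugin Name: Temporary REST guard (added example)
 * Place in wp-content/mu-plugins/ and remove after upgrading to 2.4.5 or later.
 */

// ASSUMPTION: placeholder value. Replace with the plugin's real REST namespace,
// as listed in the "namespaces" array returned by GET /wp-json/.
const GUARDED_REST_PREFIX = '/PLUGIN-REST-NAMESPACE/';

add_filter(
    'rest_pre_dispatch',
    function ( $result, $server, $request ) {
        // Respect a short-circuit already set by another filter.
        if ( null !== $result ) {
            return $result;
        }

        // WordPress matches routes case-insensitively, so compare in lower case.
        $route = strtolower( $request->get_route() );
        if ( 0 !== strpos( $route, strtolower( GUARDED_REST_PREFIX ) ) ) {
            return $result; // Not a guarded route: let it through unchanged.
        }

        // Authentication has already run at this point; allow administrators only.
        if ( current_user_can( 'manage_options' ) ) {
            return $result;
        }

        // Leave a trace for later review of who hit the guarded routes.
        $remote = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
        error_log( sprintf( 'REST guard blocked %s %s from %s', $request->get_method(), $route, $remote ) );

        return new WP_Error(
            'rest_forbidden',
            'This route is temporarily restricted to administrators.',
            array( 'status' => rest_authorization_required_code() )
        );
    },
    10,
    3
);
```

If the public chat widget uses routes under the same namespace, narrow the prefix to the log-management routes so that visitors can still use the chatbot.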


Related Identifiers

CVE-2024-6846

Affected Products

Chatbot With Chatgpt Wordpress Plugin