PT-2024-38530 · Ays · Ai Chatbot With Chatgpt/Content Generator
Kieran Burge · Published 2024-09-26 · Updated 2024-10-07 · CVE-2024-7714
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin versions prior to 2.1.0
Description
The issue is related to insufficient access controls in the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin, allowing an unauthenticated user to disconnect the plugin from OpenAI. This can be achieved through multiple accessible actions: ays chatgpt disconnect, ays chatgpt connect, and ays chatgpt save feedback.
Recommendations
For versions prior to 2.1.0, upgrade to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ays chatgpt disconnect, ays chatgpt connect, and ays chatgpt save feedback actions to prevent unauthorized disconnection from OpenAI.
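One way to apply the temporary workaround, as an added example that is not code from the plugin or from this advisory: a must-use plugin that rejects the three actions for logged-out visitors and for users without administrator rights. It assumes the actions are dispatched through WordPress's admin-ajax.php hooks, that the action names are written with underscores, and that `manage_options` is the right capability; the `ays_guard_*` names are hypothetical.

```php
<?php
/**
 * Plugin Name: Temporary guard for AYS ChatGPT AJAX actions (added example)
 * Description: Place in wp-content/mu-plugins/ until the plugin is upgraded to 2.1.0 or later.
 */

// Assumption: the advisory's three action names, written with underscores.
const AYS_GUARD_ACTIONS = array(
    'ays_chatgpt_disconnect',
    'ays_chatgpt_connect',
    'ays_chatgpt_save_feedback',
);

// Refuse the request and leave a log line that can be alerted on.
function ays_guard_reject() {
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    $ip     = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf( '[ays-guard] blocked action=%s ip=%s user=%d', $action, $ip, get_current_user_id() ) );

    // Sends a JSON error with HTTP 403 and stops execution, so the
    // plugin's own handler (registered at a later priority) never runs.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// Logged-in callers must hold the capability assumed to be required.
function ays_guard_require_admin() {
    if ( ! current_user_can( 'manage_options' ) ) {
        ays_guard_reject();
    }
}

// Must-use plugins load before regular plugins, and priority 0 runs
// ahead of handlers added at the default priority of 10.
foreach ( AYS_GUARD_ACTIONS as $ays_guard_action ) {
    // Unauthenticated requests: always refused.
    add_action( 'wp_ajax_nopriv_' . $ays_guard_action, 'ays_guard_reject', 0 );
    // Authenticated requests: administrators only.
    add_action( 'wp_ajax_' . $ays_guard_action, 'ays_guard_require_admin', 0 );
}
```

Blocking the feedback action for visitors also disables any front-end feature that relies on it, so remove the guard once version 2.1.0 or later is installed.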
Affected Products
Ai Chatbot With Chatgpt/Content Generator