CVE-2024-12606

Name of the Vulnerable Software and Affected Versions The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress versions up to, and including, 2.3

Description The issue is related to unauthorized modification of data due to a missing capability check on the engine request data() function. This allows authenticated attackers with Subscriber-level access and above to update plugin settings.

Recommendations For versions up to, and including, 2.3, consider disabling the engine request data() function until a patch is available to prevent unauthorized modification of data. Restrict access to plugin settings to minimize the risk of exploitation. Update to a version that includes a fix for this issue when available.