CVE-2024-7714

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ays-pro:chatgpt_assistant:*:*:*:*:free:wordpress:*:*

History

07 Oct 2024, 14:21

Type	Values Removed	Values Added
First Time		Ays-pro Ays-pro chatgpt Assistant
CPE		cpe:2.3:a:ays-pro:chatgpt_assistant:::::free:wordpress::
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.5
CWE		NVD-CWE-noinfo
References	~~() https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/ -~~	() https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/ - Exploit, Third Party Advisory

27 Sep 2024, 17:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-27 06:15

Updated : 2024-10-07 14:21

NVD link : CVE-2024-7714

Mitre link : CVE-2024-7714

CVE.ORG link : CVE-2024-7714

JSON object : View

Products Affected

ays-pro

chatgpt_assistant

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-7714", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2024-09-27T06:15:12.750", "references": [{"url": "https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'"}, {"lang": "es", "value": "El complemento The AI ChatBot with ChatGPT and Content Generator by AYS para WordPress anterior a la versi\u00f3n 2.1.0 carece de controles de acceso suficientes que permitan a un usuario no autenticado desconectar el AI ChatBot con el complemento ChatGPT y Content Generator de AYS para WordPress anterior a la versi\u00f3n 2.1.0 de OpenAI, deshabilitando as\u00ed el AI ChatBot con el complemento ChatGPT y Content Generator de AYS para WordPress anterior a la versi\u00f3n 2.1.0. Se puede acceder a varias acciones: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect' y 'ays_chatgpt_save_feedback'"}], "lastModified": "2024-10-07T14:21:23.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ays-pro:chatgpt_assistant:*:*:*:*:free:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3F85B93E-36F8-44FC-AD58-2FBB3700F0D1", "versionEndExcluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}