CVE-2023-0405

Summary

The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.

Affected Software

VendorProductVersion RangeStatus
UnknownGPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training0 < 1.4.38affected

Weaknesses

  • CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References