CVE-2024-6846

Summary

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs

Affected Software

VendorProductVersion RangeStatus
UnknownChatbot with ChatGPT WordPress0 < 2.4.5affected

Weaknesses

  • CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References