Lucene search

WPScanCVE-2024-6847

HistoryAug 20, 2024 - 6:15 a.m.

CVE-2024-6847

2024-08-2006:15:05

WPScan

web.nvd.nist.gov

chatgpt

wordpress

sql injection

vulnerability

unauthenticated users

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.5%

JSON

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot.

Affected configurations

Vulners

Vulnrichment

Node

ibmchatbot_with_ibm_watsonRange<2.4.5wordpress

VendorProductVersionCPE
ibmchatbot_with_ibm_watson*cpe:2.3:a:ibm:chatbot_with_ibm_watson:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
ibm	chatbot_with_ibm_watson	*	cpe:2.3:a:ibm:chatbot_with_ibm_watson::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Chatbot with ChatGPT WordPress",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.4.5"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/baa860bb-3b7d-438a-ad54-92bf8e21e851/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-6847