Lucene search

WPScanCVELIST:CVE-2023-0405

HistoryFeb 13, 2023 - 2:32 p.m.

CVE-2023-0405 GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update

2023-02-1314:32:23

WPScan

www.cve.org

gpt ai power

content writer

chatgpt

image generator

woocommerce product writer

ai training

wordpress plugin

security vulnerability

arbitrary post content update

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

25.5%

JSON

The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.4.38"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/3ca9ac21-2bce-4480-9079-b4045b261273