CVE-2024-0453 AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifiledeletecallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...

CVE-2024-0451 AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback

The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openaifilelistcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to lis...

CVE-2024-0451

CVE-2024-0451 affects the WordPress AI ChatBot for WordPress (WPBot) plugin. The vulnerability is due to a missing capability check in openai_file_list_callback across versions up to and including 5.3.4, enabling authenticated users with subscriber-level access and above to enumerate files in a l...

WordPress AI ChatBot plugin <= 5.3.4 - Missing Authorization via multiple functions vulnerability

Missing Authorization via multiple functions vulnerability discovered by Francesco Carlucci in WordPress Plugin ChatBot versions = 5.3.4...

WordPress ChatBot Plugin <= 5.3.4 is vulnerable to Broken Access Control

Software ChatBot Type Plugin Vulnerable versions = 5.3.4 Fixed in 5.3.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0452 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 917c40a0b30a Credits Francesco Carlucci Required privilege...

PT-2024-15571 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 5.3.4 Description: The issue is related to a missing capability check on the openai file upload callback function, allowing authenticated attackers with subscriber-level access an...

WordPress plugin AI ChatBot 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin AI ChatBot 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin AI ChatBot 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-15572 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 5.3.4 Description: The issue allows authenticated attackers with subscriber-level access and above to delete files from a linked OpenAI account due to a missing capability check o...

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_upload_callback

Description The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifileuploadcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level acce...

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_delete_callback

Description The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifiledeletecallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level acce...

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_list_callback

Description The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openaifilelistcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and...

Kognetiks Chatbot for WordPress < 2.0.1 - Unauthenticated Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...

CVE-2024-4560

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbotchatgptuploadfiletoassistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers, with to uploa...

CVE-2024-34440

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63...

CVE-2024-32964

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...

CVE-2024-32700

Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0...

WordPress plugin Kognetiks Chatbot 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin AI Engine: ChatGPT Chatbot 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin AI Engine: ChatGPT A code...