SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs. id: CVE-2024-6846 info: name: SmartSearchWP = 2.4.4 - Unauthenticated Log Purge author: s4e-io severity: medium description: | Th...

SmartSearchWP < 2.4.6 - OpenAI Key Disclosure

The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...

WordPress SmartSearchWP plugin <= 2.4.4 - Unauthenticated Log Purge vulnerability

Unauthenticated Log Purge vulnerability discovered by Bob Matyas in WordPress Plugin SmartSearch WP versions = 2.4.4...

MAL-2025-33450 Malicious code in smartsearchwp (npm)

The package smartsearchwp was found to contain malicious code...

Malicious code in smartsearchwp (npm)

The package smartsearchwp was found to contain malicious code...

WordPress SmartSearchWP plugin < 2.4.6 - Unauthenticated OpenAI Key Disclosure vulnerability

Unauthenticated OpenAI Key Disclosure vulnerability discovered by Kieran Burge in WordPress Plugin SmartSearch WP versions 2.4.6...

CVE-2024-6845 SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key...

CVE-2024-6845 SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key...

CVE-2024-6846 SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...

CVE-2024-6846 SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...

GHSA-FGP6-8G62-QX6W Malicious Package in smartsearchwp

All versions of smartsearchwp contain malicious code. The package is malware intended to steal credentials from websites it is loaded in. It traverses DOM elements looking for fields such as username and password and uploads it to a remote server. The package also port-scans the local gateway and...

Malicious Package in smartsearchwp

All versions of smartsearchwp contain malicious code. The package is malware intended to steal credentials from websites it is loaded in. It traverses DOM elements looking for fields such as username and password and uploads it to a remote server. The package also port-scans the local gateway and...