4 matches found
CVE-2023-0405
The CVE-2023-0405 entry concerns the WordPress plugin “GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training” (pre-1.4.38). A root cause is that the plugin does not perform nonce or privilege checks, allowing logged-in users (e.g., subscribers) to mod...
CVE-2023-0405 GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update
The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts...
WordPress GPT3 AI Content Writer Plugin < 1.4.38 is vulnerable to Content Injection
Software GPT3 AI Content Writer Type Plugin Vulnerable versions 1.4.38 Fixed in 1.4.38 OWASP Top 10 A1: Injection Classification Content Injection CVE CVE-2023-0405 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 868b79c31d14 Credits Lana Codes Required privilege...
WordPress GPT3 AI Content Writer Plugin < 1.4.38 is vulnerable to Broken Access Control
Software GPT3 AI Content Writer Type Plugin Vulnerable versions 1.4.38 Fixed in 1.4.38 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0405 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID b166ac0894d6 Credits István Márton...