4 matches found
WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.1.4 is vulnerable to Arbitrary File Upload
Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-0699 Patch priority Medium CVSS severity Medium 6.6 Developer Claim ownership PSID a07cf1730f82 Credits rootxsudip Required...
CVE-2024-0699
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-0699
CVE-2024-0699 affects the WordPress plugin “AI Engine: Chatbots, Generators, Assistants, GPT 4 and more!” up to version 2.1.4. The vulnerability is an arbitrary file upload flaw caused by missing file type validation in add_image_from_url, exploitable by authenticated attackers with Editor access...
CVE-2024-0699 AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...