Lucene search
K

4 matches found

Patchstack
Patchstack
added 2024/02/06 12:0 a.m.16 views

WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.1.4 is vulnerable to Arbitrary File Upload

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-0699 Patch priority Medium CVSS severity Medium 6.6 Developer Claim ownership PSID a07cf1730f82 Credits rootxsudip Required...

7.2CVSS6.8AI score0.01211EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/02/05 10:16 p.m.31 views

CVE-2024-0699

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...

7.2CVSS7AI score0.01211EPSS
Exploits0References2
CVE
CVE
added 2024/02/05 9:21 p.m.63 views

CVE-2024-0699

CVE-2024-0699 affects the WordPress plugin “AI Engine: Chatbots, Generators, Assistants, GPT 4 and more!” up to version 2.1.4. The vulnerability is an arbitrary file upload flaw caused by missing file type validation in add_image_from_url, exploitable by authenticated attackers with Editor access...

7.2CVSS7.8AI score0.01211EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.39 views

CVE-2024-0699 AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...

6.6CVSS7.5AI score0.01211EPSS
Exploits0References2
Rows per page
Query Builder