Lucene search
PatchstackVULNRICHMENT:CVE-2024-29090HistoryMar 28, 2024 - 5:12 a.m.
CVE-2024-29090 WordPress AI Engine plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability
2024-03-2805:12:03
CWE-918
Patchstack
github.com
1
wordpress
ai engine
server side request forgery
ssrf
jordy meow
chatgpt chatbot
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
AI Score
7
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
CNA Affected
[
{
"vendor": "Jordy Meow",
"product": "AI Engine: ChatGPT Chatbot",
"versions": [
{
"status": "affected",
"changes": [
{
"at": "2.1.5",
"status": "unaffected"
}
],
"version": "n/a",
"versionType": "custom",
"lessThanOrEqual": "2.1.4"
}
],
"packageName": "ai-engine",
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:jordy_meow:ai-engine:*:*:*:*:*:*:*:*"
],
"vendor": "jordy_meow",
"product": "ai-engine",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "2.1.4"
}
],
"defaultStatus": "unknown"
}
]Related
wpvulndb
wpvulndb
AI Engine < 2.1.5 - Authenticated (Editor+) Server-Side Request Forgery
2024-05-07 00:00:00
nvd
nvd
CVE-2024-29090
2024-03-28 06:15:12
cvelist
cvelist
cve
cve
CVE-2024-29090
2024-03-28 06:15:12
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
AI Score
7
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-29090