216.73.217.1

CVE-2024-7714

· Published 27/09/2024 06:15 · Modified 07/10/2024 14:21

Labels: CVE-2024-7714 2024-09-27CVE-2024-7714NVD-CWE-noinfo[email protected]

Essential information

Published
27/09/2024 06:15
Modified
07/10/2024 14:21
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS metrics

Description

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ays-pro / chatgpt assistant cpe:2.3:a:ays-pro:chatgpt_assistant:*:*:*:*:free:wordpress:*:*

References