CVE-2024-13816

{"id": "CVE-2024-13816", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-03-08T09:15:31.077", "references": [{"url": "https://coderevolution.ro/knowledge-base/faq/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit/#item-description__changelog", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69de7d93-b255-4d41-8680-9762ff632804?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, delete templates, and clear logs. The vulnerability was partially patched in version 2.3.5."}, {"lang": "es", "value": "El complemento Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit para WordPress es vulnerable al acceso no autorizado, la modificaci\u00f3n y la p\u00e9rdida de datos debido a la falta de comprobaciones de capacidad en varias funciones en todas las versiones hasta la 2.3.6 incluida. Esto permite que los atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen y eliminen publicaciones, enumeren y eliminen lotes, enumeren archivos cargados por el asistente, eliminen personas, eliminen formularios, eliminen plantillas y borren registros. La vulnerabilidad fue parcialmente corregida en la versi\u00f3n 2.3.5."}], "lastModified": "2025-03-24T14:23:45.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:coderevolution:aiomatic:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "1C360910-2EA1-46ED-A75C-EC966CA979E8", "versionEndExcluding": "2.3.7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}