From 2f42dfe1d6478644bb5204054478c68def0f8991 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 30 Sep 2024 12:50:05 +0530 Subject: [PATCH] Update CVE-2024-7714.yaml --- http/cves/2024/CVE-2024-7714.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/http/cves/2024/CVE-2024-7714.yaml b/http/cves/2024/CVE-2024-7714.yaml index 8b40932744..33950cef67 100644 --- a/http/cves/2024/CVE-2024-7714.yaml +++ b/http/cves/2024/CVE-2024-7714.yaml @@ -6,13 +6,17 @@ info: severity: medium description: | The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback + remediation: Fixed in 2.1.0 reference: - https://nvd.nist.gov/vuln/detail/CVE-2024-7714 - https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/ classification: - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + cvss-score: 6.5 cve-id: CVE-2024-7714 cwe-id: CWE-284 + epss-score: 0.00043 + epss-percentile: 0.09599 metadata: verified: true max-request: 1 @@ -20,7 +24,7 @@ info: product: ays-chatgpt-assistant framework: wordpress publicwww-query: "/wp-content/plugins/ays-chatgpt-assistant" - tags: wpscan,cve,cve2024, + tags: cve,cve2024,ays-chatgpt-assistant,wpscan,wordpress,wp-plugin,wp http: - raw:
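Review bot: In the first hunk (`classification`), the added vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N` does not obviously match the description a few lines above it. The description only covers an unauthenticated user disconnecting the plugin from OpenAI and thereby disabling it, which reads as an integrity and availability effect, yet the vector scores `C:L` and `A:N`. The arithmetic is fine: this vector does evaluate to the new `cvss-score: 6.5`, and 6.5 still falls under the unchanged `severity: medium`. Please confirm the vector was copied from the NVD entry already listed under `reference` rather than derived by hand. If it was, consider extending the description to say what the confidentiality impact is. Two smaller points in the same hunk: `remediation: Fixed in 2.1.0` would read better as an action naming the plugin, for example "Update the plugin to version 2.1.0 or later", and the `epss-score` and `epss-percentile` values are a point-in-time snapshot that will drift from the live figures.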
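Review bot: In the second hunk, the new `tags` line carries overlapping entries: `wordpress` and `wp` say the same thing, and `ays-chatgpt-assistant` repeats the `product` value two lines above. Keep them if that is the repository's tagging convention, otherwise trim to one of each. Dropping the trailing comma from the old `wpscan,cve,cve2024,` is correct, since it left an empty final tag. Separately, the description lists three reachable actions (`ays_chatgpt_disconnect`, `ays_chatgpt_connect`, `ays_chatgpt_save_feedback`) while `metadata` keeps `max-request: 1`. The request block is outside this hunk, so please confirm which action the single request exercises and that it is not one that changes state on the scanned site.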