Update CVE-2024-7714.yaml
Dhiyaneshwaran
GitHub
parent
95f61d0ec1
commit
2f42dfe1d6
|
|
@ -6,13 +6,17 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback
|
The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback
|
||||||
|
remediation: Fixed in 2.1.0
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-7714
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-7714
|
||||||
- https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/
|
- https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/
|
||||||
classification:
|
classification:
|
||||||
cvss-score: 5.3
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.5
|
||||||
cve-id: CVE-2024-7714
|
cve-id: CVE-2024-7714
|
||||||
cwe-id: CWE-284
|
cwe-id: CWE-284
|
||||||
|
epss-score: 0.00043
|
||||||
|
epss-percentile: 0.09599
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
@ -20,7 +24,7 @@ info:
|
||||||
product: ays-chatgpt-assistant
|
product: ays-chatgpt-assistant
|
||||||
framework: wordpress
|
framework: wordpress
|
||||||
publicwww-query: "/wp-content/plugins/ays-chatgpt-assistant"
|
publicwww-query: "/wp-content/plugins/ays-chatgpt-assistant"
|
||||||
tags: wpscan,cve,cve2024,
|
tags: cve,cve2024,ays-chatgpt-assistant,wpscan,wordpress,wp-plugin,wp
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue