daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2024-7714.yaml

patch-12
Dhiyaneshwaran 2024-09-30 12:50:05 +05:30 committed by GitHub
parent 95f61d0ec1
commit 2f42dfe1d6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
http/cves/2024/CVE-2024-7714.yaml
View File

@ -6,13 +6,17 @@ info:
severity: medium
description: |
The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback
remediation: Fixed in 2.1.0
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-7714
- https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/
classification:
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-score: 6.5
cve-id: CVE-2024-7714
cwe-id: CWE-284
epss-score: 0.00043
epss-percentile: 0.09599
metadata:
verified: true
max-request: 1
@ -20,7 +24,7 @@ info:
product: ays-chatgpt-assistant
framework: wordpress
publicwww-query: "/wp-content/plugins/ays-chatgpt-assistant"
tags: wpscan,cve,cve2024,
tags: cve,cve2024,ays-chatgpt-assistant,wpscan,wordpress,wp-plugin,wp
http:
- raw: