CVE-2024-7714

{"id": "CVE-2024-7714", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2024-09-27T06:15:12.750", "references": [{"url": "https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'"}, {"lang": "es", "value": "El complemento The AI ChatBot with ChatGPT and Content Generator by AYS para WordPress anterior a la versi\u00f3n 2.1.0 carece de controles de acceso suficientes que permitan a un usuario no autenticado desconectar el AI ChatBot con el complemento ChatGPT y Content Generator de AYS para WordPress anterior a la versi\u00f3n 2.1.0 de OpenAI, deshabilitando as\u00ed el AI ChatBot con el complemento ChatGPT y Content Generator de AYS para WordPress anterior a la versi\u00f3n 2.1.0. Se puede acceder a varias acciones: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect' y 'ays_chatgpt_save_feedback'"}], "lastModified": "2024-10-07T14:21:23.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ays-pro:chatgpt_assistant:*:*:*:*:free:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3F85B93E-36F8-44FC-AD58-2FBB3700F0D1", "versionEndExcluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}