{"data":{"id":"0ef66917-6dd3-4230-89cd-5c927baa410d","title":"CVE-2024-6847: The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement","summary":"The Chatbot with ChatGPT WordPress plugin before version 2.4.5 has a SQL injection vulnerability (a flaw that lets attacker-supplied input alter the database queries the application runs). The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, meaning user input is not cleaned or neutralized first. Unauthenticated users can exploit this when they submit messages to the chatbot.","solution":"N/A -- no mitigation discussed in source. The affected range (versions before 2.4.5) suggests that updating the plugin to 2.4.5 or later addresses the issue; confirm against the vendor changelog.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-6847","publishedAt":"2024-08-20T10:15:05.470Z","cveId":"CVE-2024-6847","cweIds":["CWE-89"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Chatbot with ChatGPT WordPress plugin"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.02149,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-66"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}