{"data":{"id":"198e8d77-79e0-423c-953a-5564e332d8ad","title":"CVE-2024-12471: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is","summary":"The WordPress plugin 'The Post Saint' (used to generate AI text and images) has a security flaw in versions up to 1.3.1: when handling file uploads it neither checks the user's permissions nor validates the file type. This allows attackers who hold only a basic user account to upload malicious files, which can lead to remote code execution (RCE, running unauthorized code or commands) on the website.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-12471","publishedAt":"2025-01-07T11:15:17.027Z","cveId":"CVE-2024-12471","cweIds":["CWE-94"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI","Stability AI"],"affectedVendorsRaw":["ChatGPT","GPT-4","DALL-E","Stable Diffusion","Pexels","Dezgo"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.64389,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"plugin","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}