{"data":{"id":"789d0c11-f3f2-427a-b4b9-46bcc1378176","title":"CVE-2024-6845: The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoints, allowing unauthenticated users to retrieve the OpenAI API key","summary":"The Chatbot with ChatGPT WordPress plugin before version 2.4.6 is missing an authorization check on one of its REST endpoints (a web interface for accessing the plugin's functions), which allows unauthenticated users (anyone without login credentials) to retrieve and decode an OpenAI API key (a secret credential that grants access to OpenAI's services). Anyone who obtains the key can use it to access OpenAI's services under the key owner's account.","solution":"Update the Chatbot with ChatGPT WordPress plugin to version 2.4.6 or later. Updating does not invalidate a key that was already retrieved, so also revoke the existing OpenAI API key and issue a new one.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-6845","publishedAt":"2024-09-25T10:15:05.557Z","cveId":"CVE-2024-6845","cweIds":["CWE-862"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","Chatbot with ChatGPT WordPress plugin"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.29883,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}