{"data":{"id":"b991e5e2-2337-47db-81b9-73f88158679d","title":"CVE-2024-13816: The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is","summary":"The Aiomatic WordPress plugin (used for AI-powered content writing) has a security flaw in versions up to 2.3.6 where it fails to check user permissions properly, allowing attackers with basic user accounts (Subscriber level and above) to perform dangerous actions like deleting posts, removing files, and clearing logs that they shouldn't be able to access. This vulnerability puts user data at risk of unauthorized modification or deletion.","solution":"The vulnerability was partially patched in version 2.3.5. Users should update to version 2.3.7 or later for a complete fix (though the source only explicitly mentions a partial patch in 2.3.5).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-13816","publishedAt":"2025-03-08T14:15:31.077Z","cveId":"CVE-2024-13816","cweIds":["CWE-862","CWE-862"],"cvssScore":"5.4","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ChatGPT","GPT-3","GPT-4","Aiomatic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00133,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}