{"data":{"id":"f21ba1ef-0334-4994-99f4-1d45fe474dfb","title":"CVE-2024-13882: The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is","summary":"The Aiomatic WordPress plugin (used to generate AI-written content and images) has a vulnerability in versions up to 2.3.8 that allows authenticated users with Contributor access or higher to upload any type of file to the server due to missing file type validation (checking what kind of file is being uploaded). This could potentially allow attackers to run malicious code on the affected website.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-13882","publishedAt":"2025-03-08T14:15:31.250Z","cveId":"CVE-2024-13882","cweIds":["CWE-434","CWE-434"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Aiomatic","GPT-3","GPT-4","ChatGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00956,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-1"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.78,"researchCategory":null,"atlasIds":null}}