AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-6846: The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an una

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 5, 2024CVE-2024-6846

Summary

A security flaw was found in the Chatbot with ChatGPT WordPress plugin (versions before 2.4.5) where certain REST routes (endpoints that external programs use to interact with the plugin) did not properly check user permissions, allowing anyone without logging in to delete error and chat logs.

Solution / Mitigation

Update the Chatbot with ChatGPT WordPress plugin to version 2.4.5 or later.

Vulnerability Details

CVSS Score

5.3(medium)

EPSS (30-day exploit probability)

EPSS: 6.3%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

confidentialityintegrity

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:50 PM

Classified by LLM (prompt v3) · confidence: 75%