CVE-2024-6847: The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it
critical · vulnerability · LLM-Specific
security
Summary
The Chatbot with ChatGPT WordPress plugin before version 2.4.5 has a SQL injection vulnerability (a flaw that lets an attacker insert malicious code into database queries), which can be exploited by anyone, without needing to log in, when they submit messages to the chatbot. The plugin fails to properly sanitize and escape a parameter, meaning it does not clean or protect user input before using it in a SQL statement.
Vulnerability Details
CVSS Score
9.8 (critical)
EPSS (30-day exploit probability)
EPSS: 2.1%
Classification
Attack Sophistication: Trivial
Impact (CIA+S)
confidentiality, integrity, availability
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-6847
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 75%