CVE-2024-6845: The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, a
Summary
The Chatbot with ChatGPT WordPress plugin before version 2.4.6 has a missing authorization flaw in one of its REST endpoints (a web interface for accessing the plugin's functions), which allows unauthenticated users (anyone without login credentials) to retrieve and decode an OpenAI API key (a secret credential that grants access to OpenAI's services). This vulnerability exposes the API key to attackers.
Solution / Mitigation
Update the Chatbot with ChatGPT WordPress plugin to version 2.4.6 or later.
Vulnerability Details
5.3 (medium)
EPSS: 29.9%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-6845
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 92%