AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-12605: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

mediumvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseJanuary 9, 2025CVE-2024-12605

Summary

The AI Scribe WordPress plugin (versions up to 2.3) has a CSRF vulnerability (cross-site request forgery, where an attacker tricks a logged-in admin into unknowingly making changes to the site). Because the plugin fails to properly validate nonces (security tokens that prevent forged requests), an attacker can trick a site administrator into clicking a malicious link that changes the plugin's settings without the admin's knowledge.

Vulnerability Details

CVSS Score

4.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

integrity

AI Component TargetedPlugin

Taxonomy References

CWE (Weakness Type)

CWE-352

Affected Vendors

OpenAI

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Same vendorTechCrunch

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

First tracked: February 15, 2026 at 08:50 PM

Classified by LLM (prompt v3) · confidence: 85%