AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2023-0405: The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin

mediumvulnerability

security

Source: NVD/CVE DatabaseFebruary 13, 2023CVE-2023-0405

Summary

A WordPress plugin called 'GPT AI Power' before version 1.4.38 has a security flaw where logged-in users can modify any posts without proper authorization checks (nonce and privilege verification, which are security measures that confirm a user has permission to perform an action). This means someone with basic login access could change or delete content they shouldn't be able to touch.

Solution / Mitigation

Update the plugin to version 1.4.38 or later.

Vulnerability Details

CVSS Score

4.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

integrity

AI Component TargetedAPI

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:50 PM

Classified by LLM (prompt v3) · confidence: 75%