CVE-2024-6846
Published: 05 September 2024
Summary
CVE-2024-6846 is a medium-severity vulnerability of unspecified weakness type in Webdigit Chatbot With Chatgpt. Its CVSS base score is 5.3 (Medium).
Operationally, it is ranked in the top 8.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
The vulnerability CVE-2024-6846 affects the Chatbot with ChatGPT WordPress plugin prior to version 2.4.5. It arises from missing access validation on selected REST routes, which allows deletion of error and chat logs without proper authorization checks.
An unauthenticated attacker can reach the affected endpoints over the network with low attack complexity and no user interaction required. Successful exploitation permits purging of logs, producing a limited integrity impact consistent with the assigned CVSS 5.3 rating.
The referenced WPScan advisory at https://wpscan.com/vulnerability/d48fdab3-669c-4870-a2f9-6c39a7c25fd8/ documents the issue and indicates that updating to version 2.4.5 or later resolves the authorization gap. The associated EPSS score remains low, with a current value of 0.0631 and a peak of 0.0694.
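The authorization gap described above is the familiar WordPress pattern of a REST route registered with a permissive `permission_callback`. The following PHP is an added illustration, not the plugin's own code: the route namespace, path, option names and the purge helper are hypothetical. It shows a log-purge route as it would look with no access check, and the same route gated on an administrator capability.

```php
<?php
// Added illustration (not code from the Chatbot with ChatGPT plugin).
// Namespace, route paths, option names and the helper below are hypothetical.

// Hypothetical helper: clears the stored chat and error logs.
function example_chatbot_purge_logs( WP_REST_Request $request ) {
    delete_option( 'example_chatbot_error_log' );
    delete_option( 'example_chatbot_chat_log' );
    return new WP_REST_Response( array( 'purged' => true ), 200 );
}

add_action( 'rest_api_init', function () {
    // WEAK PATTERN: '__return_true' makes the route callable by any client that
    // can reach the site, which is the class of flaw the advisory describes
    // (missing access validation on a REST route).
    register_rest_route( 'example-chatbot/v1', '/logs/purge-unchecked', array(
        'methods'             => 'POST',
        'callback'            => 'example_chatbot_purge_logs',
        'permission_callback' => '__return_true',
    ) );

    // HARDENED: the permission callback requires a capability that only
    // administrators hold. WordPress evaluates it before the callback runs, so
    // an unauthenticated request receives a 401 and a logged-in non-admin a 403.
    // Cookie-authenticated REST calls must also present a valid X-WP-Nonce,
    // which blocks cross-site requests riding on an admin session.
    register_rest_route( 'example-chatbot/v1', '/logs/purge', array(
        'methods'             => 'POST',
        'callback'            => 'example_chatbot_purge_logs',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );
```

When auditing a plugin for this issue, review every `register_rest_route()` call and confirm that destructive routes (delete, purge, reset) use a `permission_callback` that checks a capability rather than `__return_true`; on the detection side, unauthenticated POST requests to such routes in the web server access log are the signal to look for.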
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47849
Vulnerability details
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing an unauthenticated user to purge error and chat logs.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.