Cyber Resilience

CVE-2024-6846

Severity: Medium · Public PoC available

Published: 05 September 2024
Modified: 16 May 2025
KEV Added: not listed
Patch: fixed in 2.4.5
CVSS v3.1 score: 5.3 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS score: 0.0631 (percentile 91.2)
Risk priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-6846 is a medium-severity vulnerability, with no CWE assigned, in Webdigit's Chatbot with ChatGPT WordPress plugin. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks in the top 8.8% of CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof of concept.

Deeper analysis

The vulnerability CVE-2024-6846 affects the Chatbot with ChatGPT WordPress plugin prior to version 2.4.5. It arises from missing access validation on selected REST routes, which allows deletion of error and chat logs without proper authorization checks.

An unauthenticated attacker can reach the affected endpoints over the network with low attack complexity and no user interaction required. Successful exploitation permits purging of logs, producing a limited integrity impact consistent with the assigned CVSS 5.3 rating.

The referenced WPScan advisory at https://wpscan.com/vulnerability/d48fdab3-669c-4870-a2f9-6c39a7c25fd8/ documents the issue and indicates that updating to version 2.4.5 or later resolves the authorization gap. The associated EPSS score remains low, with a current value of 0.0631 and a peak of 0.0694.
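The authorization gap described above is the generic WordPress REST pattern of a route whose `permission_callback` admits everyone. The snippet below is an added illustration, not code from the Chatbot with ChatGPT plugin or from WPScan; the namespace `example-chatbot/v1`, the `/logs/purge` route, the option keys and the `example_chatbot_purge_logs` callback are hypothetical. It shows the weak registration next to a hardened one that requires an administrator.

```php
<?php
// Added illustration; route names, option keys and callbacks are hypothetical,
// not the plugin's own. Only the WordPress API calls are real.

// Weak pattern: the destructive route is reachable by anyone. WordPress 5.5+
// warns when permission_callback is omitted, but '__return_true' silences the
// warning while still granting access to every unauthenticated visitor.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-chatbot/v1', '/logs/purge-weak', array(
        'methods'             => WP_REST_Server::DELETABLE,
        'callback'            => 'example_chatbot_purge_logs',
        'permission_callback' => '__return_true', // no authorization check at all
    ) );
} );

// Hardened pattern: the permission callback runs before the handler and refuses
// anyone without the manage_options capability. Cookie-authenticated requests
// additionally need a valid X-WP-Nonce header, which WordPress verifies before
// this callback is reached, so a logged-in admin cannot be CSRF'd into it either.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-chatbot/v1', '/logs/purge', array(
        'methods'             => WP_REST_Server::DELETABLE,
        'callback'            => 'example_chatbot_purge_logs',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'manage_options' ) ) {
                // 401 for anonymous callers, 403 for authenticated ones lacking the capability.
                return new WP_Error(
                    'rest_forbidden',
                    __( 'You are not allowed to purge chatbot logs.', 'example-chatbot' ),
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
    ) );
} );

// Hypothetical handler: the logs are assumed to live in two plugin options.
function example_chatbot_purge_logs( WP_REST_Request $request ) {
    delete_option( 'example_chatbot_error_log' );
    delete_option( 'example_chatbot_chat_log' );
    return rest_ensure_response( array( 'purged' => true ) );
}
```

For triage of a WordPress site, grepping plugin sources for `'permission_callback' => '__return_true'` (or for `register_rest_route` calls with no `permission_callback` at all) surfaces candidate routes to review; any such route whose handler deletes or modifies state deserves the capability check shown in the hardened version.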


Vulnerability details

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing an unauthenticated user to purge error and chat logs.

CWE(s): none assigned

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: webdigit
Product: chatbot with chatgpt
Versions: ≤ 2.4.5

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
