CVE-2024-13816

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-13816
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, delete templates, and clear logs. The vulnerability was partially patched in version 2.3.5.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://coderevolution.ro/knowledge-base/faq/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit/#item-description__changelog Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/69de7d93-b255-4d41-8680-9762ff632804?source=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:coderevolution:aiomatic:*:*:*:*:*:wordpress:*:*
History

24 Mar 2025, 14:23

Type Values Removed Values Added
CPE cpe:2.3:a:coderevolution:aiomatic:*:*:*:*:*:wordpress:*:*
Summary
  • (es) El complemento Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit para WordPress es vulnerable al acceso no autorizado, la modificación y la pérdida de datos debido a la falta de comprobaciones de capacidad en varias funciones en todas las versiones hasta la 2.3.6 incluida. Esto permite que los atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen y eliminen publicaciones, enumeren y eliminen lotes, enumeren archivos cargados por el asistente, eliminen personas, eliminen formularios, eliminen plantillas y borren registros. La vulnerabilidad fue parcialmente corregida en la versión 2.3.5.
First Time Coderevolution aiomatic
Coderevolution
References () https://coderevolution.ro/knowledge-base/faq/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit/#item-description__changelog - () https://coderevolution.ro/knowledge-base/faq/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit/#item-description__changelog - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/69de7d93-b255-4d41-8680-9762ff632804?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/69de7d93-b255-4d41-8680-9762ff632804?source=cve - Third Party Advisory

08 Mar 2025, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-08 09:15

Updated : 2025-03-24 14:23

NVD link : CVE-2024-13816

Mitre link : CVE-2024-13816

CVE.ORG link : CVE-2024-13816

JSON object : View

Products Affected

coderevolution

  • aiomatic
CWE
CWE-862

Missing Authorization