CVE-2024-7714

moderate-risk

Published 2024-09-27

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'

Do I need to act?

23.9% chance of exploitation in next 30 days

EPSS score — higher than 76% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Chatgpt Assistant

Affected Vendors

Ays-Pro

References (1)

Exploit https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 14/34 · Moderate

Exposure 5/34 · Minimal