VYPR
Unrated severity · NVD Advisory · Published Nov 13, 2024 · Updated Apr 8, 2026

Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Addition

CVE-2024-10530

Description

Missing capability check in Kognetiks Chatbot for WordPress allows authenticated subscribers to create GPT assistants.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Kognetiks Chatbot for WordPress plugin is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to and including 2.1.7 [1]. This flaw allows authenticated attackers with subscriber-level access to create new GPT assistants without proper authorization.

Exploitation

An attacker must have a valid WordPress account with at least subscriber-level privileges. The attacker can then trigger the add_new_assistant() function via a crafted request, bypassing authorization checks due to the missing capability validation [1]. No additional user interaction is required beyond the initial authentication.

Impact

Successful exploitation leads to unauthorized creation of GPT assistants, which could be used for further malicious activities such as injecting harmful responses or exfiltrating data through the chatbot interface [1]. The attacker gains the ability to modify system behavior within the scope of the chatbot functionality.

Mitigation

The vulnerability affects plugin versions up to and including 2.1.7 [1]. The plugin was subsequently updated to version 2.4.6, which likely includes a fix. Users should update to the latest version (2.4.6 or newer) available from the WordPress plugin repository [1]. No workarounds are documented in the available references.
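
A defender-side check for the affected range stated above, as an added example that is not from the advisory or the plugin: it reads WordPress plugin headers under a plugins directory and flags Kognetiks Chatbot installs at or below 2.1.7. The header match on "kognetiks", the constructed sample header and the function names are assumptions.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (2, 1, 7)   # from the advisory: all versions <= 2.1.7
NAME_HINT = "kognetiks"     # assumption: appears in the "Plugin Name" header
HEADER_BYTES = 8192         # WordPress reads only the first 8 KB for headers

# Constructed sample header (not copied from the real plugin file).
SAMPLE = """<?php
/*
 * Plugin Name: Kognetiks Chatbot
 * Version: 2.1.7
 */
"""

def _header(text, field):
    """Return a plugin header field such as 'Version', or None if absent."""
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:(.*)$", text, re.I | re.M)
    return m.group(1).strip() if m else None

def _version_tuple(version):
    """'2.1.7' -> (2, 1, 7); numeric prefix of each part, padded to 3 parts."""
    parts = [int(re.match(r"\d*", p).group() or 0) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(header_text):
    """'affected', 'not-affected', 'unknown-version', or None for other plugins."""
    name = _header(header_text, "Plugin Name")
    if not name or NAME_HINT not in name.lower():
        return None
    version = _header(header_text, "Version")
    if not version:
        return "unknown-version"   # treat as needing manual review
    return "affected" if _version_tuple(version) <= LAST_AFFECTED else "not-affected"

def scan(plugins_dir):
    """Classify the top-level PHP files of each plugin folder in plugins_dir."""
    findings = {}
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        with open(php, "rb") as fh:
            head = fh.read(HEADER_BYTES).decode("utf-8", "replace")
        status = classify(head)
        if status:
            findings[str(php)] = status
    return findings

if __name__ == "__main__":
    print(scan(sys.argv[1]) if len(sys.argv) > 1 else classify(SAMPLE))
```

Run it with the path to a site's `wp-content/plugins` directory; an `unknown-version` result means the header was found without a parsable version and should be checked by hand.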

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
