VYPR
Medium severity5.4NVD Advisory· Published Mar 8, 2025· Updated Jun 17, 2026

CVE-2024-13816

CVE-2024-13816

Description

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, delete templates, and clear logs. The vulnerability was partially patched in version 2.3.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Range: <=2.3.6
  • CodeRevolution/Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkitv5
    Range: 0
  • WordPress/Aiomaticwp-canonicalize

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.