Unrated severityNVD Advisory· Published Sep 25, 2024· Updated Sep 25, 2024

SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure

CVE-2024-6845

Description

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key

Affected products

Unknown/Chatbot With Chatgpt Wordpressv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/cfaaa843-d89e-42d4-90d9-988293499d26/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.017
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000