CVE-2024-5969

MEDIUM

AIomatic < 2.0.5 - Unauthenticated Arbitrary Email Sending via aiomatic_send_email Function

Title source: llm

Description

The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient.

References (2)

Core 2

Core References

Product

https://codecanyon.net/item/aiomatic-automatic-ai-content-writer/38877369?srsltid=AfmBOornCSKshlaSyZi2nonTcpSskMpBNJpdAS_No91A5V5lTIAD1h8S

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/be5be40f-89da-4b97-9a85-527602d84c4d?source=cve

Scores

CVSS v3 5.8

EPSS 0.0035

EPSS Percentile 27.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (2)

coderevolution/aiomatic < 2.0.6

CodeRevolution/Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit < 2.0.5

Published Jul 27, 2024

Tracked Since Feb 18, 2026