CVE-2024-6845

MEDIUM NUCLEI

Chatbot with ChatGPT WP <2.4.6 - Info Disclosure

Title source: llm

Description

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key

Nuclei Templates (1)

SmartSearchWP < 2.4.6 - OpenAI Key Disclosure

MEDIUMVERIFIEDby s4e-io

FOFA: body="/wp-content/plugins/smartsearchwp"

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/cfaaa843-d89e-42d4-90d9-988293499d26/

Scores

CVSS v3 5.3

EPSS 0.2160

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-862

Status published

Products (1)

webdigit/chatbot_with_chatgpt < 2.4.6

Published Sep 25, 2024

Tracked Since Feb 18, 2026