CVE-2024-6846

MEDIUM NUCLEI

Chatbot with ChatGPT WP <2.4.5 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-6846 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs

Nuclei Templates (1)

SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge
MEDIUMVERIFIEDby s4e-io
FOFA: body="/wp-content/plugins/smartsearchwp"

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/d48fdab3-669c-4870-a2f9-6c39a7c25fd8/

Scores

CVSS v3 5.3
EPSS 0.0126
EPSS Percentile 65.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

Status published
Products (1)
webdigit/chatbot_with_chatgpt < 2.4.5
Published Sep 05, 2024
Tracked Since Feb 18, 2026