CVE-2024-6846

MEDIUM NUCLEI

Chatbot with ChatGPT WP <2.4.5 - Info Disclosure

Title source: llm

Description

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs

Nuclei Templates (1)

SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge

MEDIUMVERIFIEDby s4e-io

FOFA: body="/wp-content/plugins/smartsearchwp"

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/d48fdab3-669c-4870-a2f9-6c39a7c25fd8/

Scores

CVSS v3 5.3

EPSS 0.0631

EPSS Percentile 91.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

Status published

Products (1)

webdigit/chatbot_with_chatgpt < 2.4.5

Published Sep 05, 2024

Tracked Since Feb 18, 2026