CVE-2024-7714 Scanner
CVE-2024-7714 Scanner - Unauthenticated AJAX Calls vulnerability in AI Assistant with ChatGPT by AYS
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 12 hours
Scan only one: URL
Toolbox: -
The AI Assistant with ChatGPT plugin by AYS is a tool designed for WordPress users to integrate ChatGPT functionalities into their websites, offering automated responses and conversational experiences. It is widely utilized by website owners who want to enhance user interaction and automate customer service. The plugin allows seamless integration with OpenAI's ChatGPT, providing a variety of conversational prompts and feedback mechanisms. Due to its ease of installation and robust features, it is popular among bloggers, e-commerce store owners, and content creators. The plugin aims to increase engagement and streamline user responses efficiently. However, when improperly configured, it can lead to security vulnerabilities that need addressing to protect website integrity.
The vulnerability detected in this plugin is an Information Disclosure flaw allowing unauthorized users to execute specific AJAX actions. These actions can manipulate plugin settings, including disconnecting the plugin from OpenAI, leading to service disruption. This vulnerability arises from insufficient access controls on AJAX calls, specifically functions like 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'. Such flaws can potentially expose sensitive configurations or disrupt the service without credential verification. The vulnerability poses a risk to the intended plugin functionality by enabling unauthorized manipulation of its core capabilities. Consequently, addressing this vulnerability is crucial for maintaining the plugin's secure and intended operations.
Technical analysis shows that the issue is reached through unauthenticated access to the '/wp-admin/admin-ajax.php' endpoint. A request carrying '?ays_chatgpt_assistant_id=1&action=ays_chatgpt_admin_ajax&function=ays_chatgpt_disconnect' is accepted without credentials, giving the caller unauthorized control over the plugin's operational state. Matchers like 'regex("^true$", body)' and 'status_code == 200' confirm successful execution, indicating that the handler lacks robust authentication and authorization checks. The vulnerability affects the integrity of user settings, allowing malicious actors to modify or disable functionality without appropriate checks. To fortify this endpoint, the plugin must enforce stringent authentication requirements on these AJAX functions.
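For asset owners who want to check whether these calls have already reached a site, the following added example (not part of the scanner or the plugin) searches web server access logs for the AJAX request described above. It assumes Combined Log Format; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Function names the page lists as callable without authentication.
SENSITIVE = {"ays_chatgpt_disconnect", "ays_chatgpt_connect",
             "ays_chatgpt_save_feedback"}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def find_plugin_ajax_calls(lines):
    """Return (ip, time, function, status) for every logged call to the
    plugin's AJAX dispatcher that names one of the sensitive functions."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        qs = parse_qs(url.query)
        if "ays_chatgpt_admin_ajax" not in qs.get("action", []):
            continue
        for fn in qs.get("function", []):
            if fn in SENSITIVE:
                hits.append((m["ip"], m["time"], fn, int(m["status"])))
    return hits

def summarize(hits):
    """Count calls answered with HTTP 200 per (client IP, function)."""
    return Counter((ip, fn) for ip, _, fn, status in hits if status == 200)

# Constructed sample lines (documentation IP ranges), not real traffic.
AJAX = "/wp-admin/admin-ajax.php?action=ays_chatgpt_admin_ajax&function="
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Sep/2024:10:01:02 +0000] "GET {AJAX}ays_chatgpt_disconnect HTTP/1.1" 200 4',
    f'203.0.113.7 - - [10/Sep/2024:10:01:09 +0000] "GET {AJAX}ays_chatgpt_connect HTTP/1.1" 200 4',
    f'198.51.100.9 - - [10/Sep/2024:10:05:00 +0000] "GET {AJAX}ays_chatgpt_disconnect HTTP/1.1" 403 0',
    '198.51.100.20 - - [10/Sep/2024:10:06:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
    '192.0.2.5 - - [10/Sep/2024:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for (ip, fn), n in summarize(find_plugin_ajax_calls(SAMPLE_LOG)).items():
        print(f"{ip} called {fn} {n}x with HTTP 200")
```

Access logs record only the query string, so the same parameters sent in a POST body will not appear; a hit also does not by itself prove the caller was unauthenticated, since cookies are not normally logged.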
Exploiting this vulnerability can result in an attacker gaining control over the plugin's connection status to OpenAI, potentially disconnecting it and disrupting normal operations. This could lead to denial of access to ChatGPT functionalities, affecting user interaction and possibly business operations that rely on automated responses. Moreover, it poses a risk of accidental disclosure of configuration data, exposing operational parameters to unauthorized users. The exploitation, therefore, affects not just functionality but also risks the integrity and confidentiality of settings configured within the plugin. Mitigating this flaw is essential to prevent potential service interruptions and data exposure.