AVID-2026-R1464

Description

WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability (CVE-2024-31351)

Details

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.

Reason for inclusion in AVID: CVE-2024-31351 describes an unauthenticated arbitrary file upload vulnerability in the Copymatic WordPress plugin (AI Content Writer & Generator). This is a software vulnerability in a component used to deliver AI-generated content, which could impact AI deployment stacks that rely on this plugin. As it concerns a software package/component that could be part of an AI service pipeline, it constitutes a software supply chain vulnerability within AI systems. The issue is a security vulnerability with high impact, and the report provides sufficient details and references.

References

Affected or Relevant Artifacts

  • Developer: Copymatic
  • Deployer: Copymatic
  • Artifact Details:
      • Type: System
      • Name: Copymatic – AI Content Writer & Generator

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Base Score: 10.0
  • Base Severity: 🔴 Critical
  • Attack Vector: NETWORK
  • Attack Complexity: 🟢 Low
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: 🔴 High
  • Integrity Impact: 🔴 High
  • Availability Impact: 🔴 High

CWE

  • ID: CWE-434
  • Description: CWE-434 Unrestricted Upload of File with Dangerous Type

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-05-17
  • Version: 0.3.3