Home » Database

AVID-2026-R1482

Description

WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability (CVE-2024-34440)

Details

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63.

Reason for inclusion in AVID: CVE-2024-34440 describes an unrestricted file upload vulnerability in the WordPress AI Engine plugin (AI Engine: ChatGPT Chatbot), enabling remote exploitation without user interaction. This plugin functions as an AI deployment component (AI chatbot integration) within a web AI stack, representing a software artifact in the deployment/run phase of general-purpose AI systems. The vulnerability is security-oriented (CVE, CWE-434) with a high CVSS score (9.1) and potential impact on confidentiality, integrity, and availability. Therefore it constitutes a software supply-chain-related vulnerability affecting AI deployment tooling, not purely hardware/firmware.

References

Affected or Relevant Artifacts

  • Developer: OpenAI
  • Deployer: OpenAI
  • Artifact Details:
TypeName
SystemAI Engine: ChatGPT Chatbot

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score9.1
Base Severity🔴 Critical
Attack VectorNETWORK
Attack Complexity🟢 Low
Privileges Required🔴 High
User InteractionNONE
ScopeCHANGED
Confidentiality Impact🔴 High
Integrity Impact🔴 High
Availability Impact🔴 High

CWE

IDDescription
CWE-434CWE-434 Unrestricted Upload of File with Dangerous Type

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-05-13
  • Version: 0.3.3
  • AVID Entry