AVID-2026-R1499

Description

WordPress AI Power: Complete AI Pack – Powered by GPT-4 plugin <= 1.8.66 - Cross Site Scripting (XSS) vulnerability (CVE-2024-37465)

Details

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Senol Sahin GPT3 AI Content Writer allows Stored XSS.This issue affects GPT3 AI Content Writer: from n/a through 1.8.66.

Reason for inclusion in AVID: The CVE describes a cross-site scripting vulnerability in a WordPress plugin that provides AI-powered content generation (GPT-4 powered). This plugin is a software component used in AI content pipelines and deployment stacks, making it part of the AI software supply chain. It is a security vulnerability (CVE) with potential impact on integrity/confidentiality, etc. Sufficient evidence provided via CVE entry and references.

References

Affected or Relevant Artifacts

Developer: OpenAI
Deployer: OpenAI
Artifact Details:

Type	Name
System	GPT3 AI Content Writer

Impact

AVID Taxonomy Categorization

Risk domains: Security
SEP subcategories: S0100: Software Vulnerability
Lifecycle stages: L06: Deployment

CVSS

Version	3.1
Vector String	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Base Score	6.5
Base Severity	🟠 Medium
Attack Vector	NETWORK
Attack Complexity	🟢 Low
Privileges Required	🟢 Low
User Interaction	REQUIRED
Scope	CHANGED
Confidentiality Impact	🟢 Low
Integrity Impact	🟢 Low
Availability Impact	🟢 Low

CWE

ID	Description
CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)

Other information

Report Type: Advisory
Credits:
Date Reported: 2024-07-21
Version: 0.3.3
AVID Entry