AVID-2026-R1504

Description

WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability (CVE-2024-38791)

Details

Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7.

Reason for inclusion in AVID: CVE-2024-38791 documents a Server-Side Request Forgery (SSRF) vulnerability in the WordPress AI Engine plugin (<= 2.4.7), specifically in the AI Engine: ChatGPT Chatbot component. This plugin is a software component used to deliver AI features within a web application, i.e., part of an AI deployment stack. Although not a core AI framework, it is a dependency/tooling commonly involved in building/serving AI-enabled websites and services, which places it within the software supply chain for general-purpose AI systems. The CVE includes standard vulnerability details (CVSS) and a clear security impact (SSRF), providing sufficient evidence for curation.

References

Affected or Relevant Artifacts

  • Developer: OpenAI
  • Deployer: OpenAI
  • Artifact Details:
      • Type: System
      • Name: AI Engine: ChatGPT Chatbot

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
  • Base Score: 4.9
  • Base Severity: 🟠 Medium
  • Attack Vector: NETWORK
  • Attack Complexity: 🔴 High
  • Privileges Required: 🟢 Low
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: 🟢 Low
  • Integrity Impact: 🟢 Low
  • Availability Impact: NONE

CWE

  • ID: CWE-918
  • Description: CWE-918 Server-Side Request Forgery (SSRF)

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-08-01
  • Version: 0.3.3
  • AVID Entry