Home » Database

AVID-2026-R1572

Description

WordPress AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot plugin <= 1.6.2 - Cross Site Request Forgery (CSRF) vulnerability (CVE-2024-54306)

Details

Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through 1.6.2.

Reason for inclusion in AVID: CVE-2024-54306 describes a Cross-Site Request Forgery vulnerability in a WordPress plugin that provides an AI chatbot experience. The vulnerable component is a software artifact used to deploy AI chatbot functionality, thus a part of the software supply chain for general-purpose AI systems. It is a security vulnerability with potential impact on AI service integrity and availability, and the report includes explicit CVE details and CVSS metrics.

References

Affected or Relevant Artifacts

  • Developer: OpenAI
  • Deployer: OpenAI
  • Artifact Details:
TypeName
SystemAIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score4.3
Base Severity🟠 Medium
Attack VectorNETWORK
Attack Complexity🟢 Low
Privileges RequiredNONE
User InteractionREQUIRED
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity Impact🟢 Low
Availability ImpactNONE

CWE

IDDescription
CWE-352CWE-352 Cross-Site Request Forgery (CSRF)

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-12-13
  • Version: 0.3.3
  • AVID Entry