← Back to CVE List

CVE-2024-12605

Published: 2025-01-09T11:15Z
Last Modified: 2025-01-09T15:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the "al_scribe_content_data" actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt