cleantalk
Vulnerabilities and Security Researches

AI Scribe: ChatGPT SEO Content Creator, Article Writer & SEO Assistant (OpenAI GPT-4 & GPT-3.5 Turbo, 16K, 32K & 12, CVE-2024-12605

CVE, Research URL

CVE-2024-12605

Home page URL

Security reports for AI Scribe: ChatGPT SEO Content Creator, Article Writer & SEO Assistant (OpenAI GPT-4 & GPT-3.5 Turbo, 16K, 32K & 12

Application

AI Scribe: ChatGPT SEO Content Creator, Article Writer & SEO Assistant (OpenAI GPT-4 & GPT-3.5 Turbo, 16K, 32K & 12

Published on
Jan 09, 2025
Research Description
The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the "al_scribe_content_data" actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.3.
Status
vulnerable
Previous vulnerability researches
AI Scribe: ChatGPT SEO Content Creator, Article Writer & SEO Assistant (OpenAI GPT-4 & GPT-3.5 Turbo, 16K, 32K & 12 (CVE-2024-12606) , May 06, 2025
AI Scribe: ChatGPT SEO Content Creator, Article Writer & SEO Assistant (OpenAI GPT-4 & GPT-3.5 Turbo, 16K, 32K & 12 (CVE-2024-12473) , May 06, 2025
AI Scribe: ChatGPT SEO Content Creator, Article Writer & SEO Assistant (OpenAI GPT-4 & GPT-3.5 Turbo, 16K, 32K & 12 (CVE-2024-12605) , Jan 10, 2025
New vulnerability
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3502) , May 07, 2025
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3503) , May 07, 2025
Category Widget (CVE-2025-46515) , May 07, 2025
Search Exclude (CVE-2025-2821) , May 07, 2025
IGIT Related Posts With Thumb Image After Posts (CVE-2025-46518) , May 07, 2025