Vulnerabilities > CVE-2024-13816 - Missing Authorization vulnerability in Coderevolution Aiomatic

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
coderevolution
CWE-862
NVD
Published: 2025-03-08
Updated: 2025-03-24

Summary

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, delete templates, and clear logs. The vulnerability was partially patched in version 2.3.5.

Vulnerable Configurations

Part Description Count
Application
Coderevolution
139

Common Weakness Enumeration (CWE)

References