CVE-2023-51409

WordPress AI Engine plugin <= 1.9.98 - Unauthenticated Arbitrary File Upload vulnerability

CVSS 10 CRITICALEPSS 63.3%CWE-434

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

Jordy Meow · AI Engine: ChatGPT Chatbot

public PoCs found — 3

githubgithub.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2023-51409★ 1 githubgithub.com/RandomRobbieBF/CVE-2023-51409★ 1 githubgithub.com/Nxploited/CVE-2023-51409★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2023-51409 https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-1-9-98-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve