{ "id": "CVE-2024-1850", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:20.153", "lastModified": "2024-11-21T08:51:27.283", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished posts, or perform post deletions." }, { "lang": "es", "value": "El complemento AI Post Generator | AutoWriter para WordPress es vulnerable al acceso no autorizado, modificaci\u00f3n o eliminaci\u00f3n de publicaciones debido a una falta de verificaci\u00f3n de capacidad en funciones conectadas por acciones AJAX en todas las versiones hasta la 3.3 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, vean todas las publicaciones generadas con este complemento (incluso en estado no publicado), creen nuevas publicaciones (y las publiquen), publiquen publicaciones no publicadas o realicen eliminaciones de publicaciones." 
} ], "metrics": { "cvssMetricV31": [ { "source": "security@wordfence.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW" }, "exploitabilityScore": 2.8, "impactScore": 3.4 } ] }, "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=", "source": "security@wordfence.com" }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=", "source": "security@wordfence.com" }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cve", "source": "security@wordfence.com" }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cve", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }