WordPress Plugin Vulnerabilities

AI Power: Complete AI Pack – Powered by GPT-4 < 1.8.3 - Missing Authorization to Sensitive Data Exposure

Description

The AI Power: Complete AI Pack – Powered by GPT-4 plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_export_logs_callback() function in all versions up to, and including, 1.8.2. This makes it possible for unauthenticated attackers to export the plugin's logs which may contain sensitive information.

Affects Plugins

Plugin icon
gpt3-ai-content-generator
Fixed in 1.8.3

References

CVE
CVE-2023-51527
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3f95c288-7710-46aa-898b-a923afa7a4ab

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Brandon James Roldan (tomorrowisnew)
Verified
No
WPVDB ID
43ae5b7e-2b7e-4225-9dff-9f0ab41320eb

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-04 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2024-06-18
Title
MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-02-11
Title
Gutenberg Blocks by Kadence Blocks < 3.6.0 - Missing Authorization
Published
2025-08-29
Title
Blog Designer PRO <= 3.4.8 - Missing Authorization
Published
2025-08-22
Title
Greenshift < 12.1.2 - Missing Authorization
Published
2025-09-09
Title
Export WP Page to Static HTML/CSS < 4.2.0 - Missing Authorization