CVE-2024-6845
📋 TL;DR
The Chatbot with ChatGPT WordPress plugin before version 2.4.6 has an authorization flaw in a REST endpoint that allows unauthenticated attackers to retrieve and decode the OpenAI API key. This affects WordPress sites using vulnerable versions of this plugin, potentially exposing their OpenAI API credentials.
💻 Affected Systems
- Chatbot with ChatGPT WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to the OpenAI API key, incurring unauthorized usage charges, accessing sensitive AI-generated content, or using the key for other malicious purposes.
Likely Case
Unauthorized parties retrieve the OpenAI API key, leading to unexpected API usage costs and potential data exposure from AI interactions.
If Mitigated
Network segmentation does not help here: the endpoint is reachable by anyone who can reach the site. Impact is limited if the OpenAI key carries a spend limit and usage alerts and is rotated promptly, but the key is still exposed and must be treated as compromised.
🎯 Exploit Status
Simple HTTP request to vulnerable REST endpoint can retrieve encoded key, which can then be decoded.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.6
Advisory (WPScan): https://wpscan.com/vulnerability/cfaaa843-d89e-42d4-90d9-988293499d26/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Chatbot with ChatGPT' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.4.6 or later from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable REST endpoint
Platform: all. Temporarily unregister the plugin's REST routes until you can patch. This also disables whatever chatbot functionality depends on those routes, so it is a stop-gap, not a fix.
Add to the theme's functions.php or, better, to a must-use plugin in wp-content/mu-plugins/ (a theme-based hook is lost the moment a different theme is activated). The callback name below is the one given on this page; confirm it against the plugin's source, because remove_action() silently does nothing if the callback name or priority does not match the plugin's own add_action() call:
// Unhook the plugin's REST route registration. Themes and mu-plugins run
// after the plugin's add_action() and before rest_api_init fires, so the
// removal takes effect for every REST request.
remove_action( 'rest_api_init', 'chatbot_chatgpt_register_rest_routes' );
Block unauthorized REST API access
Platform: Linux (Apache with mod_rewrite). Deny requests to the plugin's REST namespace at the web server. Do not gate this on an Authorization: Basic header: the plugin does not use HTTP Basic authentication, and any client can send an arbitrary Basic header, so such a condition blocks nothing. Deny the namespace outright (this breaks the chatbot for visitors if it relies on these routes) and also match the ?rest_route= form, which reaches the REST API without /wp-json/ when pretty permalinks are off.
Add to .htaccess (Apache):
<IfModule mod_rewrite.c>
RewriteEngine On
# Pretty-permalink form; not anchored, so sub-directory installs still match
RewriteCond %{REQUEST_URI} /wp-json/chatbot-chatgpt/ [NC,OR]
# ?rest_route= fallback; the leading slash may arrive URL-encoded as %2F
RewriteCond %{QUERY_STRING} (^|&)rest_route=(/|%2F)chatbot-chatgpt(/|%2F) [NC]
RewriteRule .* - [F]
</IfModule>
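A sturdier stop-gap than unhooking a named callback is to refuse the whole namespace at dispatch time, before any route's own permission check runs. The following must-use plugin is an added example written for this advisory, not code from the Chatbot with ChatGPT plugin or from WPScan; it assumes the plugin's routes live under the /chatbot-chatgpt/ REST namespace shown on this page (confirm against the plugin source). Save it as wp-content/mu-plugins/cbc-lockdown.php so it loads before regular plugins and cannot be deactivated from the admin UI.

```php
<?php
/**
 * Plugin Name: Temporary lockdown for chatbot-chatgpt REST routes (CVE-2024-6845)
 * Description: Added example for this advisory, not code from the Chatbot with
 *              ChatGPT plugin. Refuses every request under the plugin's REST
 *              namespace unless the caller is an authenticated administrator.
 */

// Assumption: the plugin registers its routes under /chatbot-chatgpt/ (this page
// shows /wp-json/chatbot-chatgpt/v1/). Confirm against the plugin source.
const CBC_LOCKDOWN_NAMESPACE = '/chatbot-chatgpt/';

/**
 * Runs on the rest_pre_dispatch filter, i.e. before any route's permission_callback.
 * Returns null to let WordPress continue, or a WP_Error that WordPress sends instead.
 *
 * @param mixed           $result  Result set by an earlier filter, or null.
 * @param WP_REST_Server  $server  The REST server.
 * @param WP_REST_Request $request The incoming request.
 * @return mixed
 */
function cbc_lockdown_pre_dispatch( $result, $server, $request ) {
    if ( null !== $result ) {
        return $result; // another filter already short-circuited this request
    }

    $route = $request->get_route(); // e.g. "/chatbot-chatgpt/v1/..." (no /wp-json prefix)
    if ( 0 !== strpos( $route, CBC_LOCKDOWN_NAMESPACE ) ) {
        return null; // not this plugin's namespace, leave it alone
    }

    // Cookie-authenticated REST calls have already had their nonce verified by
    // rest_cookie_check_errors() before dispatch, so current_user_can() is trustworthy here.
    if ( current_user_can( 'manage_options' ) ) {
        return null;
    }

    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        'chatbot-chatgpt lockdown: refused %s %s from %s',
        $request->get_method(),
        $route,
        $ip
    ) );

    // rest_authorization_required_code() yields 401 for anonymous callers and
    // 403 for logged-in users who lack the capability.
    return new WP_Error(
        'rest_forbidden',
        'This endpoint is disabled until the plugin is updated to 2.4.6 or later.',
        array( 'status' => rest_authorization_required_code() )
    );
}
add_filter( 'rest_pre_dispatch', 'cbc_lockdown_pre_dispatch', 10, 3 );
```

Every refused attempt lands in the PHP error log (or wp-content/debug.log when WP_DEBUG_LOG is on), which doubles as a detection source while the site is unpatched. Like the other workarounds, this stops the chatbot's REST-based features for visitors; remove the file once the plugin is on 2.4.6 or later.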
🧯 If You Can't Patch
- Deactivate the Chatbot with ChatGPT plugin immediately
- Rotate the OpenAI API key regardless (assume it was retrieved while the vulnerable version was reachable), and set a spend limit and usage alerts on the replacement key in the OpenAI dashboard
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin > Plugins > Installed Plugins. If version is below 2.4.6, you are vulnerable.
Check Version:
wp plugin get chatbot-chatgpt --field=version
(WP-CLI matches on the plugin's directory slug, assumed here to be chatbot-chatgpt, not on the display title 'Chatbot with ChatGPT'; run `wp plugin list` to confirm the slug if the command reports no such plugin.)
Verify Fix Applied:
After updating, confirm the plugin version shows 2.4.6 or higher. An unauthenticated request to the affected endpoint should now be rejected with a rest_forbidden error (HTTP 401 for anonymous callers, 403 for logged-in users without the capability) rather than a 200 response carrying the encoded key.
📡 Detection & Monitoring
Log Indicators:
- Requests to the /wp-json/chatbot-chatgpt/v1/ namespace, or to /?rest_route=/chatbot-chatgpt/v1/..., from unfamiliar IPs or scanner user agents, especially before the patch date
- HTTP 200 responses on those paths. Web-server logs do not record WordPress session state, so treat any 200 to a client that is not a known administrator as a possible key retrieval
Network Indicators:
- Usage billed to the key that the WordPress server did not generate (request volume, models or times in the OpenAI usage dashboard that do not match the chatbot's traffic); this is visible only in OpenAI's usage data, not on your own network
- Spike in OpenAI API usage or spend
SIEM Query:
source="wordpress.log" (uri_path="/wp-json/chatbot-chatgpt/v1/*" OR uri_query="*rest_route=*chatbot-chatgpt*") http_status=200 | stats count, values(uri_path) AS paths, earliest(_time) AS first_seen BY src_ip, user_agent
(Splunk-style, with the field names of the original query; uri_query is an assumed field name.) An exact match on uri_path="/wp-json/chatbot-chatgpt/v1/" would miss every sub-route, and a NOT auth_user=* clause cannot work because web-server logs carry no WordPress authentication state; review every hit from an IP that is not a known administrator.
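For sites without a SIEM, the same check can be run over the raw access log. The script below is an added example for this advisory (not code from the plugin, the page or WPScan) that parses combined-log-format lines and reports every 2xx hit on the plugin's REST namespace, including the URL-encoded ?rest_route= form. The sample lines are constructed, and "sample-route" is a placeholder rather than a real route of the plugin.

```php
<?php
// Added example for this advisory, not code from the plugin or the page.
// Scans access-log lines (Apache/nginx combined format) for successful hits on
// the plugin's REST namespace, via /wp-json/ or the ?rest_route= fallback.

const CBC_LOG_LINE = '#^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})#';

/** Parse one combined-format line into its fields, or return null if it does not match. */
function cbc_parse_line( string $line ): ?array {
    if ( preg_match( CBC_LOG_LINE, $line, $m ) !== 1 ) {
        return null;
    }
    return array(
        'ip'     => $m['ip'],
        'ts'     => $m['ts'],
        'method' => $m['method'],
        'target' => $m['target'],
        'status' => (int) $m['status'],
    );
}

/**
 * True when the request target points at the plugin's REST namespace.
 * Matched as a substring (not anchored) so sub-directory installs still hit,
 * and after URL-decoding so rest_route=%2Fchatbot-chatgpt%2F... is caught too.
 */
function cbc_targets_plugin( string $target ): bool {
    $decoded = rawurldecode( $target );
    return stripos( $decoded, '/wp-json/chatbot-chatgpt/' ) !== false
        || preg_match( '#[?&]rest_route=/chatbot-chatgpt/#i', $decoded ) === 1;
}

/** Keep only namespace hits that the server answered with a 2xx status. */
function cbc_find_hits( iterable $lines ): array {
    $hits = array();
    foreach ( $lines as $line ) {
        $e = cbc_parse_line( $line );
        if ( $e !== null && cbc_targets_plugin( $e['target'] ) && $e['status'] >= 200 && $e['status'] < 300 ) {
            $hits[] = $e;
        }
    }
    return $hits;
}

// Usage: php cbc-scan.php /var/log/apache2/access.log
// With no argument it runs over constructed sample lines (not real traffic;
// "sample-route" is a placeholder, not a real route of the plugin).
$lines = isset( $argv[1] )
    ? new SplFileObject( $argv[1] )
    : array(
        '203.0.113.10 - - [15/Jul/2024:10:01:02 +0000] "GET /wp-json/chatbot-chatgpt/v1/sample-route HTTP/1.1" 200 412 "-" "curl/8.0.1"',
        '203.0.113.10 - - [15/Jul/2024:10:01:05 +0000] "GET /?rest_route=%2Fchatbot-chatgpt%2Fv1%2Fsample-route HTTP/1.1" 200 412 "-" "python-requests/2.31"',
        '198.51.100.7 - - [15/Jul/2024:10:02:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9812 "-" "Mozilla/5.0"',
        '198.51.100.7 - - [15/Jul/2024:10:02:30 +0000] "GET /wp-json/chatbot-chatgpt/v1/sample-route HTTP/1.1" 401 97 "-" "Mozilla/5.0"',
    );

// The first two sample lines are reported; the wp/v2 request and the 401 are not.
foreach ( cbc_find_hits( $lines ) as $h ) {
    printf( "%s  %-15s %s %s -> %d\n", $h['ts'], $h['ip'], $h['method'], $h['target'], $h['status'] );
}
```

A 401 on the namespace after patching is the expected rest_forbidden response and is not flagged; a 200 before the patch date from an IP that is not a known administrator is the line to investigate, and is a reason to rotate the OpenAI key.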