CVE-2024-13816 – Aiomatic WordPress Unauthenticated Privilege Escalation Vulnerability

March 8, 2025
10:19 am

CVE ID : CVE-2024-13816

Published : March 8, 2025, 9:15 a.m. | 58 minutes ago

Description : The Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, delete templates, and clear logs. The vulnerability was partially patched in version 2.3.5.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-13816 – Aiomatic WordPress Unauthenticated Privilege Escalation Vulnerability

Elvescore.io

Recent Posts

CVE-2025-2127 – JoomlaUX JUX Real Estate Cross Site Scripting Vulnerability

CVE-2025-2124 – Control iD RH iD API Handler Cross-Site Scripting Vulnerability

CVE-2025-2125 – Control iD RH iD PDF Document Handler Improper Resource Control Vulnerability

CVE-2025-2126 – JoomlaUX JUX Real Estate SQL Injection

CVE-2025-2122 – Thinkware Car Dashcam F800 Pro Local Network Denial of Service Vulnerability

CVE-2025-2123 – GeSHi CSS Handler Cross-Site Scripting Vulnerability

CVE-2024-13816 – Aiomatic WordPress Unauthenticated Privilege Escalation Vulnerability

CVE-2024-13816 – Aiomatic WordPress Unauthenticated Privilege Escalation Vulnerability