CVE-2024-0451: wpbot: missing auth exposes OpenAI account files

MEDIUM PoC AVAILABLE
Published May 22, 2024
CISO Take

Any subscriber-level WordPress user on sites running AI ChatBot plugin ≤5.3.4 can enumerate all files stored in the site's linked OpenAI account. Update the plugin immediately and rotate the associated OpenAI API key. Audit your OpenAI account for sensitive fine-tuning datasets, assistant knowledge files, or proprietary documents that may have been exposed.

Risk Assessment

Medium CVSS (5.0) understates the real-world risk when the linked OpenAI account contains fine-tuning datasets or proprietary RAG documents. Exploitation requires only subscriber-level WordPress access — trivially obtained on sites with open registration. No user interaction or elevated privileges needed. The risk is highest for organizations using OpenAI Assistants API or fine-tuning workflows where uploaded files contain IP or PII.

Affected Systems

Package: wpbot
Ecosystem: pip
Vulnerable Range:
Patched: No patch


Severity & Risk

CVSS 3.1: 5.0 / 10
EPSS: 0.4% chance of exploitation in 30 days; higher than 59% of all CVEs
Exploitation Status: Exploit Available
Exploitation: MEDIUM
Sophistication: Trivial
Exploitation Confidence: medium
Public PoC indexed (trickest/cve)
Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

AV Network
AC Low
PR Low
UI None
S Changed
C Low
I None
A None

Recommended Action

6 steps
  1. Update AI ChatBot plugin to the patched version (changeset 3089461 or later).

  2. Immediately rotate the OpenAI API key used by the plugin — file listing reveals account structure useful for targeted follow-on attacks.

  3. Audit files in the OpenAI account dashboard and remove sensitive or proprietary content.

  4. If patching is delayed, disable public WordPress user registration to limit subscriber-level access.

  5. Review WordPress user roles and revoke unnecessary accounts.

  6. Monitor OpenAI API usage logs for anomalous file-list calls originating from the plugin key.

CISA SSVC Assessment

Decision Track
Exploitation none
Automatable No
Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act: Article 15 - Accuracy, robustness and cybersecurity
ISO 42001: A.6.1.3 - Information security controls for AI systems
NIST AI RMF: GOVERN 6.2 - Policies and procedures for third-party AI risks
OWASP LLM Top 10: LLM02 - Sensitive Information Disclosure

Frequently Asked Questions

What is CVE-2024-0451?

Any subscriber-level WordPress user on sites running AI ChatBot plugin ≤5.3.4 can enumerate all files stored in the site's linked OpenAI account. Update the plugin immediately and rotate the associated OpenAI API key. Audit your OpenAI account for sensitive fine-tuning datasets, assistant knowledge files, or proprietary documents that may have been exposed.

Is CVE-2024-0451 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2024-0451, increasing the risk of exploitation.

How to fix CVE-2024-0451?

  1. Update AI ChatBot plugin to the patched version (changeset 3089461 or later).
  2. Immediately rotate the OpenAI API key used by the plugin — file listing reveals account structure useful for targeted follow-on attacks.
  3. Audit files in the OpenAI account dashboard and remove sensitive or proprietary content.
  4. If patching is delayed, disable public WordPress user registration to limit subscriber-level access.
  5. Review WordPress user roles and revoke unnecessary accounts.
  6. Monitor OpenAI API usage logs for anomalous file-list calls originating from the plugin key.

What systems are affected by CVE-2024-0451?

This vulnerability affects the following AI/ML architecture patterns: WordPress AI plugin integrations, OpenAI Assistants API deployments, LLM fine-tuning pipelines, RAG knowledge base pipelines.

What is the CVSS score for CVE-2024-0451?

CVE-2024-0451 has a CVSS v3.1 base score of 5.0 (MEDIUM). The EPSS exploitation probability is 0.38%.

Technical Details

NVD Description

The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account.
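
The class of fix this description implies, as an added example that is not the plugin's own code: a handler that checks capability and nonce before it proxies to the OpenAI Files API. The hook name `wp_ajax_example_openai_file_list`, the nonce action, the option name `example_openai_api_key`, registration as an authenticated AJAX action, and `manage_options` as the required capability are all assumptions.

```php
<?php
// Added example, not the plugin's code. Hook, nonce and option names are hypothetical.

// wp_ajax_{action} fires for ANY logged-in user, subscribers included,
// so registering the hook is not an authorization check.
add_action( 'wp_ajax_example_openai_file_list', 'example_openai_file_list_callback' );

function example_openai_file_list_callback() {
    // 1. Authorization: without this, every authenticated role reaches the proxy below.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. CSRF: require a nonce that was issued on an admin page (dies on failure).
    check_ajax_referer( 'example_openai_file_list', 'nonce' );

    // 3. Only now use the site's stored key on the caller's behalf.
    $api_key  = get_option( 'example_openai_api_key' );
    $response = wp_remote_get(
        'https://api.openai.com/v1/files',
        array(
            'headers' => array( 'Authorization' => 'Bearer ' . $api_key ),
            'timeout' => 15,
        )
    );

    if ( is_wp_error( $response ) ) {
        wp_send_json_error( array( 'message' => 'Upstream request failed' ), 502 );
    }

    $body = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( 200 !== wp_remote_retrieve_response_code( $response ) || ! is_array( $body ) ) {
        wp_send_json_error( array( 'message' => 'Unexpected upstream response' ), 502 );
    }

    // Return only the fields the admin UI needs, not the raw upstream payload.
    $files = array();
    foreach ( (array) ( $body['data'] ?? array() ) as $file ) {
        $files[] = array(
            'id'       => sanitize_text_field( $file['id'] ?? '' ),
            'filename' => sanitize_text_field( $file['filename'] ?? '' ),
            'purpose'  => sanitize_text_field( $file['purpose'] ?? '' ),
        );
    }
    wp_send_json_success( $files );
}
```

When auditing other handlers in a plugin, any callback that uses a stored third-party API key should show both checks before the first outbound request.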

Exploitation Scenario

An attacker registers as a subscriber on a target WordPress site (or uses a compromised low-privilege account) and directly calls the plugin's openai_file_list_callback REST endpoint. Because the capability check is missing, the plugin accepts the low-privilege request and proxies it to the OpenAI Files API using the site's stored API key. The attacker receives a full inventory of files in the organization's OpenAI account — including fine-tuning datasets and assistant knowledge documents — along with file IDs that can be used to retrieve file metadata or inform targeted exfiltration of the organization's AI intellectual property.

Weaknesses (CWE)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Timeline

Published: May 22, 2024
Last Modified: May 12, 2025
First Seen: May 22, 2024
