CVE-2024-0452 — HIGH (CVSS 7.7) AI Security Vulnerability

CISO Take

Any authenticated WordPress subscriber can upload arbitrary files to your linked OpenAI account — this bypasses your OpenAI access controls entirely via a missing capability check in the plugin. Update wpbot to 5.3.5+ immediately and rotate your OpenAI API key. Audit your OpenAI Files API storage for unauthorized uploads and monitor for unexpected API cost spikes.

Risk Assessment

High severity (CVSS 7.7, Scope:Changed). Exploitability is trivial: any registered WordPress user (subscriber role, the lowest privilege level) can trigger this with a single authenticated request — no special skills required. The blast radius extends beyond the WordPress install itself to the connected OpenAI account, meaning the real asset at risk is your OpenAI API key and associated billing/data. Sites with open user registration are immediately exposed.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
wpbot	pip	—	No patch

Do you use wpbot? You're affected.

Severity & Risk

CVSS 3.1

7.7 / 10

EPSS

0.2%

chance of exploitation in 30 days

Higher than 43% of all CVEs

Source: EPSS v3 — FIRST.org

Exploitation Status

Exploit Available

Exploitation: MEDIUM

Sophistication

Trivial

Exploitation Confidence

medium

○ Public PoC indexed (trickest/cve)

Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

AV Network

AC Low

PR Low

UI None

S Changed

C None

I High

A None

Recommended Action

6 steps

Patch: Update the AI ChatBot plugin to version 5.3.5 or later immediately via WordPress admin panel.
Rotate credentials: Revoke and regenerate the OpenAI API key associated with this WordPress installation.
Audit: Review files in your OpenAI account (platform.openai.com > Storage > Files) for unauthorized uploads; delete any suspicious entries.
Monitor: Set up OpenAI usage alerts to detect unexpected cost spikes or API call anomalies.
Workaround (if patching is delayed): Disable user registration on the WordPress site or restrict the OpenAI API key to minimum required permissions via OpenAI's key scoping.
Detect: Review WordPress access logs for POST requests to the openai_file_upload_callback endpoint from low-privilege user sessions.

CISA SSVC Assessment

Decision Track

Exploitation none

Automatable No

Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Auth Bypass Data Leakage Model Poisoning API Plugin AML.T0012 - Valid Accounts AML.T0020 - Poison Training Data AML.T0034 - Cost Harvesting AML.T0040 - AI Model Inference API Access AML.T0049 - Exploit Public-Facing Application

Compliance Impact

This CVE is relevant to:

EU AI Act

Art. 9 - Risk management system

ISO 42001

A.9.2 - Access control to AI systems and tools

NIST AI RMF

GOVERN 1.7 - Organizational practices and policies for AI risk management

OWASP LLM Top 10

LLM07 - Insecure Plugin Design LLM08 - Excessive Agency

Frequently Asked Questions

What is CVE-2024-0452?

Any authenticated WordPress subscriber can upload arbitrary files to your linked OpenAI account — this bypasses your OpenAI access controls entirely via a missing capability check in the plugin. Update wpbot to 5.3.5+ immediately and rotate your OpenAI API key. Audit your OpenAI Files API storage for unauthorized uploads and monitor for unexpected API cost spikes.

Is CVE-2024-0452 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2024-0452, increasing the risk of exploitation.

How to fix CVE-2024-0452?

1. Patch: Update the AI ChatBot plugin to version 5.3.5 or later immediately via WordPress admin panel. 2. Rotate credentials: Revoke and regenerate the OpenAI API key associated with this WordPress installation. 3. Audit: Review files in your OpenAI account (platform.openai.com > Storage > Files) for unauthorized uploads; delete any suspicious entries. 4. Monitor: Set up OpenAI usage alerts to detect unexpected cost spikes or API call anomalies. 5. Workaround (if patching is delayed): Disable user registration on the WordPress site or restrict the OpenAI API key to minimum required permissions via OpenAI's key scoping. 6. Detect: Review WordPress access logs for POST requests to the `openai_file_upload_callback` endpoint from low-privilege user sessions.

What systems are affected by CVE-2024-0452?

This vulnerability affects the following AI/ML architecture patterns: WordPress AI plugin integrations, LLM API-connected web applications, OpenAI fine-tuning pipelines, Shared LLM API accounts across multi-tenant apps.

What is the CVSS score for CVE-2024-0452?

CVE-2024-0452 has a CVSS v3.1 base score of 7.7 (HIGH). The EPSS exploitation probability is 0.21%.

Technical Details

NVD Description

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account.

Exploitation Scenario

An adversary registers a free subscriber account on a WordPress site running the vulnerable AI ChatBot plugin. They then send an authenticated POST request to the `openai_file_upload_callback` endpoint, attaching a crafted file (e.g., a poisoned JSONL fine-tuning dataset or a large binary to inflate costs). The file is uploaded directly to the site owner's OpenAI account without any capability verification. In a targeted attack, the adversary could upload a malicious fine-tuning dataset designed to backdoor or degrade the model if the site owner later uses those files for fine-tuning. In an opportunistic attack, they upload large files repeatedly to inflate the victim's OpenAI API costs.