CVE-2024-0453 — HIGH (CVSS 7.7) AI Security Vulnerability

CISO Take

Any subscriber-level WordPress user can delete files from your organization's linked OpenAI account — including fine-tuned models and assistant training data. Patch to 5.3.5+ immediately or disable the plugin. Rotate the OpenAI API key and audit what files were deleted in your OpenAI account dashboard.

Risk Assessment

High risk for organizations using the WordPress AI ChatBot plugin with a connected OpenAI account. Exploitation requires only a subscriber account (trivially obtained on many WordPress sites), no complex attack chains, and the impact extends beyond the WordPress perimeter into the OpenAI account itself. The scope change (CVSS S:C) reflects this cross-boundary blast radius. Not in CISA KEV and no confirmed active exploitation, but the low barrier makes opportunistic abuse realistic.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
wpbot	pip	—	No patch

Do you use wpbot? You're affected.

Severity & Risk

CVSS 3.1

7.7 / 10

EPSS

0.2%

chance of exploitation in 30 days

Higher than 36% of all CVEs

Source: EPSS v3 — FIRST.org

Exploitation Status

No known exploitation

Sophistication

Trivial

Attack Surface

AV Network

AC Low

PR Low

UI None

S Changed

C None

I High

A None

Recommended Action

5 steps

Patch immediately

Update WordPress AI ChatBot plugin to 5.3.5 or later — the patch adds proper capability checks to openai_file_delete_callback.
Rotate OpenAI API key

Treat the existing key as potentially abused; generate a new one with least-privilege scopes (restrict to only needed endpoints).
Audit OpenAI account

Review Files API logs in the OpenAI dashboard for unexpected deletions. Restore from backups if fine-tuned models or assistant files are missing.
Scope API keys

Going forward, never use a full-access OpenAI API key in WordPress plugins — use scoped keys that only allow required operations.
Detection

Monitor OpenAI API key usage via organization audit logs; alert on bulk file deletions from unexpected sources.

CISA SSVC Assessment

Decision Track

Exploitation none

Automatable No

Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Auth Bypass Data Extraction API Plugin AML.T0012 - Valid Accounts AML.T0040 - AI Model Inference API Access AML.T0049 - Exploit Public-Facing Application AML.T0101 - Data Destruction via AI Agent Tool Invocation

Compliance Impact

This CVE is relevant to:

EU AI Act

Article 9 - Risk Management System

ISO 42001

A.8.3 - Data Governance and Access Controls

NIST AI RMF

GOVERN 1.7 - AI Risk and Trustworthiness — Access Control Policies

OWASP LLM Top 10

LLM07 - Insecure Plugin Design

Frequently Asked Questions

What is CVE-2024-0453?

Any subscriber-level WordPress user can delete files from your organization's linked OpenAI account — including fine-tuned models and assistant training data. Patch to 5.3.5+ immediately or disable the plugin. Rotate the OpenAI API key and audit what files were deleted in your OpenAI account dashboard.

Is CVE-2024-0453 actively exploited?

No confirmed active exploitation of CVE-2024-0453 has been reported, but organizations should still patch proactively.

How to fix CVE-2024-0453?

1. **Patch immediately**: Update WordPress AI ChatBot plugin to 5.3.5 or later — the patch adds proper capability checks to openai_file_delete_callback. 2. **Rotate OpenAI API key**: Treat the existing key as potentially abused; generate a new one with least-privilege scopes (restrict to only needed endpoints). 3. **Audit OpenAI account**: Review Files API logs in the OpenAI dashboard for unexpected deletions. Restore from backups if fine-tuned models or assistant files are missing. 4. **Scope API keys**: Going forward, never use a full-access OpenAI API key in WordPress plugins — use scoped keys that only allow required operations. 5. **Detection**: Monitor OpenAI API key usage via organization audit logs; alert on bulk file deletions from unexpected sources.

What systems are affected by CVE-2024-0453?

This vulnerability affects the following AI/ML architecture patterns: WordPress-integrated LLM deployments, OpenAI Assistants API integrations, Fine-tuned model pipelines, RAG pipelines using OpenAI Files API, Plugin-based AI agent frameworks.

What is the CVSS score for CVE-2024-0453?

CVE-2024-0453 has a CVSS v3.1 base score of 7.7 (HIGH). The EPSS exploitation probability is 0.15%.

Technical Details

NVD Description

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account.

Exploitation Scenario

An attacker registers or compromises a subscriber account on a WordPress site using the vulnerable plugin. They then send a crafted authenticated HTTP request to the openai_file_delete_callback endpoint, passing a target OpenAI file_id. Because no capability check validates that the user should have administrative rights over the OpenAI integration, the request is processed and the file is permanently deleted from the organization's OpenAI account. A targeted attacker could enumerate and delete all files — destroying custom assistant knowledge bases, fine-tuned model training data, and RAG document stores — potentially taking down AI-powered features organization-wide. The entire attack requires only a valid subscriber session cookie and knowledge of the endpoint.