AI Threat Alert AI Threat Alert

CVE-2024-4858: WP Testimonial Carousel: OpenAI API key hijack, no auth

MEDIUM PoC AVAILABLE
Published May 25, 2024
CISO Take

Any unauthenticated attacker can overwrite the OpenAI API key in Testimonial Carousel for Elementor (≤10.2.0), disabling AI features or substituting attacker-controlled credentials. Update to 10.2.1+ immediately and rotate your OpenAI API key — assume it may have been tampered with. If patching is delayed, deactivate the plugin.

Risk Assessment

Medium CVSS but trivial to exploit at scale. Zero authentication required, network-accessible, low complexity — ideal for automated WordPress scanner campaigns. Impact is confined to integrity of AI configuration rather than data exfiltration or code execution, but the zero-barrier exploitation lowers the effective risk threshold for opportunistic attackers mass-scanning WordPress deployments.

Affected Systems

Package Ecosystem Vulnerable Range Patched
testimonial_carousel_for_elementor No patch

Do you use testimonial_carousel_for_elementor? You're affected.

Severity & Risk

CVSS 3.1
5.3 / 10
EPSS
0.2%
chance of exploitation in 30 days
Higher than 41% of all CVEs
Source: EPSS v3 — FIRST.org
Exploitation Status
Exploit Available
Exploitation: MEDIUM
Sophistication
Trivial
Exploitation Confidence
medium
Public PoC indexed (trickest/cve)
Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

AV AC PR UI S C I A
AV Network
AC Low
PR None
UI None
S Unchanged
C None
I Low
A None

Recommended Action

6 steps

  1. Patch: update to version 10.2.1 or later.

  2. Rotate your OpenAI API key immediately post-patch — treat the stored key as compromised.

  3. If patching is delayed, deactivate the plugin entirely.

  4. Add OpenAI API usage alerts to detect anomalous spend or unexpected key changes.

  5. Review server logs for unauthenticated POST requests to wp-admin/admin-ajax.php targeting action=save_testimonials_option_callback.

  6. Audit all WordPress plugins storing third-party AI API keys for similar missing-capability-check patterns.

CISA SSVC Assessment

Decision Track
Exploitation none
Automatable Yes
Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Auth Bypass DoS API Plugin AML.T0029 AML.T0049 AML.T0055 AML.T0081

Compliance Impact

This CVE is relevant to:

EU AI Act
Art.9 - Risk management system
ISO 42001
A.6.2.3 - AI system access control
NIST AI RMF
MANAGE-2.2 - Mechanisms exist to sustain AI risk management
OWASP LLM Top 10
LLM07 - Insecure Plugin Design

Frequently Asked Questions

What is CVE-2024-4858?

Any unauthenticated attacker can overwrite the OpenAI API key in Testimonial Carousel for Elementor (≤10.2.0), disabling AI features or substituting attacker-controlled credentials. Update to 10.2.1+ immediately and rotate your OpenAI API key — assume it may have been tampered with. If patching is delayed, deactivate the plugin.

Is CVE-2024-4858 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2024-4858, increasing the risk of exploitation.

How to fix CVE-2024-4858?

1. Patch: update to version 10.2.1 or later. 2. Rotate your OpenAI API key immediately post-patch — treat the stored key as compromised. 3. If patching is delayed, deactivate the plugin entirely. 4. Add OpenAI API usage alerts to detect anomalous spend or unexpected key changes. 5. Review server logs for unauthenticated POST requests to wp-admin/admin-ajax.php targeting action=save_testimonials_option_callback. 6. Audit all WordPress plugins storing third-party AI API keys for similar missing-capability-check patterns.

What systems are affected by CVE-2024-4858?

This vulnerability affects the following AI/ML architecture patterns: WordPress AI plugin integrations, OpenAI API integrations, AI-powered content generation pipelines.

What is the CVSS score for CVE-2024-4858?

CVE-2024-4858 has a CVSS v3.1 base score of 5.3 (MEDIUM). The EPSS exploitation probability is 0.19%.

Technical Details

NVD Description

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.

Exploitation Scenario

Attacker enumerates WordPress sites running Testimonial Carousel for Elementor via plugin version fingerprinting (readme.txt, response headers). Without any credentials, sends a crafted POST to /wp-admin/admin-ajax.php with action=save_testimonials_option_callback and a malicious openai_api_key parameter. Plugin stores the value without authorization check. AI testimonial generation immediately fails (DoS) or routes through attacker's OpenAI account. Full attack chain is automatable — a single scan-and-exploit script can compromise thousands of sites simultaneously.

Weaknesses (CWE)

CWE-862 Primary

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Timeline

Published
May 25, 2024
Last Modified
April 4, 2025
First Seen
May 25, 2024

Related Vulnerabilities

CRITICAL CVE-2026-21858 10.0

n8n: Input Validation flaw enables exploitation

Same attack type: Auth Bypass
CRITICAL GHSA-vvpj-8cmc-gx39 10.0

picklescan: security flaw enables exploitation

Same attack type: Auth Bypass
CRITICAL CVE-2025-2828 10.0

LangChain RequestsToolkit: SSRF exposes cloud metadata

Same attack type: Auth Bypass
CRITICAL CVE-2025-53767 10.0

Azure OpenAI: SSRF EoP, no auth required (CVSS 10)

Same attack type: Auth Bypass
CRITICAL CVE-2026-26030 10.0

semantic-kernel: Code Injection enables RCE

Same attack type: Auth Bypass
Back to Threat Feed