AI Threat Alert

CVE-2024-4858: WP Testimonial Carousel: OpenAI API key hijack, no auth

MEDIUM PoC AVAILABLE
Published May 25, 2024
CISO Take

Any unauthenticated attacker can overwrite the OpenAI API key in Testimonial Carousel for Elementor (≤10.2.0), disabling AI features or substituting attacker-controlled credentials. Update to 10.2.1+ immediately and rotate your OpenAI API key — assume it may have been tampered with. If patching is delayed, deactivate the plugin.

What is the risk?

Medium CVSS but trivial to exploit at scale. Zero authentication required, network-accessible, low complexity — ideal for automated WordPress scanner campaigns. Impact is confined to integrity of AI configuration rather than data exfiltration or code execution, but the zero-barrier exploitation lowers the effective risk threshold for opportunistic attackers mass-scanning WordPress deployments.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
testimonial_carousel_for_elementor No patch

Do you use testimonial_carousel_for_elementor? You're affected.

How severe is it?

CVSS 3.1
5.3 / 10
EPSS
0.4%
chance of exploitation in 30 days
Higher than 32% of all CVEs
Source: EPSS v3 — FIRST.org
Exploitation Status
Exploit Available
Exploitation: MEDIUM
Sophistication
Trivial
Exploitation Confidence
medium
Public PoC indexed (trickest/cve)
Composite signal derived from CISA KEV, VulnCheck KEV, CISA SSVC, EPSS, Metasploit, Exploit-DB, trickest/cve, Nuclei templates, and inthewild.io exploitation reports.

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC Low
PR None
UI None
S Unchanged
C None
I Low
A None

What should I do?

6 steps

  1. Patch: update to version 10.2.1 or later.

  2. Rotate your OpenAI API key immediately post-patch — treat the stored key as compromised.

  3. If patching is delayed, deactivate the plugin entirely.

  4. Add OpenAI API usage alerts to detect anomalous spend or unexpected key changes.

  5. Review server logs for unauthenticated POST requests to wp-admin/admin-ajax.php targeting action=save_testimonials_option_callback.

  6. Audit all WordPress plugins storing third-party AI API keys for similar missing-capability-check patterns.

What does CISA's SSVC say?

Decision Track
Exploitation none
Automatable Yes
Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

How is it classified?

Auth Bypass DoS API Plugin AML.T0029 AML.T0049 AML.T0055 AML.T0081

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Art.9 - Risk management system
ISO 42001
A.6.2.3 - AI system access control
NIST AI RMF
MANAGE-2.2 - Mechanisms exist to sustain AI risk management
OWASP LLM Top 10
LLM07 - Insecure Plugin Design

Frequently Asked Questions

What is CVE-2024-4858?

Any unauthenticated attacker can overwrite the OpenAI API key in Testimonial Carousel for Elementor (≤10.2.0), disabling AI features or substituting attacker-controlled credentials. Update to 10.2.1+ immediately and rotate your OpenAI API key — assume it may have been tampered with. If patching is delayed, deactivate the plugin.

Is CVE-2024-4858 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2024-4858, increasing the risk of exploitation.

How to fix CVE-2024-4858?

1. Patch: update to version 10.2.1 or later. 2. Rotate your OpenAI API key immediately post-patch — treat the stored key as compromised. 3. If patching is delayed, deactivate the plugin entirely. 4. Add OpenAI API usage alerts to detect anomalous spend or unexpected key changes. 5. Review server logs for unauthenticated POST requests to wp-admin/admin-ajax.php targeting action=save_testimonials_option_callback. 6. Audit all WordPress plugins storing third-party AI API keys for similar missing-capability-check patterns.

What systems are affected by CVE-2024-4858?

This vulnerability affects the following AI/ML architecture patterns: WordPress AI plugin integrations, OpenAI API integrations, AI-powered content generation pipelines.

What is the CVSS score for CVE-2024-4858?

CVE-2024-4858 has a CVSS v3.1 base score of 5.3 (MEDIUM). The EPSS exploitation probability is 0.40%.

What is the AI security impact?

Affected AI Architectures

WordPress AI plugin integrationsOpenAI API integrationsAI-powered content generation pipelines

MITRE ATLAS Techniques

AML.T0029 Denial of AI Service
AML.T0049 Exploit Public-Facing Application
AML.T0055 Unsecured Credentials
AML.T0081 Modify AI Agent Configuration

Compliance Controls Affected

EU AI Act: Art.9
ISO 42001: A.6.2.3
NIST AI RMF: MANAGE-2.2
OWASP LLM Top 10: LLM07

What are the technical details?

Original Advisory

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.

Exploitation Scenario

Attacker enumerates WordPress sites running Testimonial Carousel for Elementor via plugin version fingerprinting (readme.txt, response headers). Without any credentials, sends a crafted POST to /wp-admin/admin-ajax.php with action=save_testimonials_option_callback and a malicious openai_api_key parameter. Plugin stores the value without authorization check. AI testimonial generation immediately fails (DoS) or routes through attacker's OpenAI account. Full attack chain is automatable — a single scan-and-exploit script can compromise thousands of sites simultaneously.

Weaknesses (CWE)

CWE-862 Missing Authorization Primary

CWE-862 — Missing Authorization: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

  • [Architecture and Design] Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries. Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
  • [Architecture and Design] Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Timeline

Published
May 25, 2024
Last Modified
April 4, 2025
First Seen
May 25, 2024

Related Vulnerabilities

CRITICAL CVE-2026-21858 10.0

n8n: Input Validation flaw enables exploitation

Same attack type: Auth Bypass
CRITICAL GHSA-vvpj-8cmc-gx39 10.0

picklescan: security flaw enables exploitation

Same attack type: Auth Bypass
CRITICAL CVE-2025-2828 10.0

LangChain RequestsToolkit: SSRF exposes cloud metadata

Same attack type: Auth Bypass
CRITICAL CVE-2025-53767 10.0

Azure OpenAI: SSRF EoP, no auth required (CVSS 10)

Same attack type: Auth Bypass
CRITICAL CVE-2026-26030 10.0

semantic-kernel: Code Injection enables RCE

Same attack type: Auth Bypass
Back to Threat Feed