CVE-2024-6845 — MEDIUM (CVSS 5.3) AI Security Vulnerability

CISO Take

Any WordPress site running 'Chatbot with ChatGPT' before v2.4.6 is leaking its OpenAI API key to unauthenticated attackers — the encoding is trivially reversible. Update to 2.4.6+ immediately and rotate the API key, treating it as fully compromised. Monitor OpenAI API usage logs for anomalous spend or unauthorized requests before and after patching.

Risk Assessment

CVSS 5.3 understates operational risk. The attack is zero-friction: no authentication, no user interaction, network-accessible, low complexity. The leaked API key enables financial harm via API cost abuse, unauthorized access to AI-generated content at the victim's expense, and potential exposure of conversation history. WordPress plugins with embedded AI credentials represent a rapidly growing and poorly-audited attack surface for LLM API key theft.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
chatbot_with_chatgpt	—	—	No patch

Do you use chatbot_with_chatgpt? You're affected.

Severity & Risk

CVSS 3.1

5.3 / 10

EPSS

21.6%

chance of exploitation in 30 days

Higher than 96% of all CVEs

Source: EPSS v3 — FIRST.org

Exploitation Status

Exploit Available

Exploitation: MEDIUM

Sophistication

Trivial

Exploitation Confidence

medium

○ CISA SSVC: Public PoC

○ Public PoC indexed (trickest/cve)

○ Nuclei detection template available

○ EPSS exploit prediction: 22%

Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

AV Network

AC Low

PR None

UI None

S Unchanged

C Low

I None

A None

Recommended Action

6 steps

Update plugin to v2.4.6+ immediately — this is the only full remediation.
Rotate the OpenAI API key unconditionally — treat as compromised regardless of observed exploitation.
Set API spend limits and budget alerts in the OpenAI dashboard to cap financial exposure.
Audit OpenAI API usage logs for the period the vulnerable plugin was active.
Scan all WordPress instances in the environment for this plugin version via WPScan or equivalent.
Establish a policy requiring security review before deploying plugins that store third-party AI API credentials.

CISA SSVC Assessment

Decision Track*

Exploitation poc

Automatable Yes

Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Data Extraction Auth Bypass API Plugin AML.T0034 - Cost Harvesting AML.T0040 - AI Model Inference API Access AML.T0049 - Exploit Public-Facing Application AML.T0055 - Unsecured Credentials AML.T0091.000 - Application Access Token

Compliance Impact

This CVE is relevant to:

EU AI Act

Art. 15 - Accuracy, robustness and cybersecurity

ISO 42001

A.6.2.5 - Access control for AI systems

NIST AI RMF

GOVERN-6.1 - Policies for AI risk management across the organization

OWASP LLM Top 10

LLM07 - Insecure Plugin Design

Related AI Incidents (1)

Chevrolet Dealer Chatbot Agrees to Sell Tahoe for $1

Dec 2023 General Motors, Chevrolet of Watsonville, ChatGPT medium confidence

Company "ChatGPT" in CVE description; Shared keyword: "chatbot"

AIID #622

Source: AI Incident Database (AIID)

Frequently Asked Questions

What is CVE-2024-6845?

Any WordPress site running 'Chatbot with ChatGPT' before v2.4.6 is leaking its OpenAI API key to unauthenticated attackers — the encoding is trivially reversible. Update to 2.4.6+ immediately and rotate the API key, treating it as fully compromised. Monitor OpenAI API usage logs for anomalous spend or unauthorized requests before and after patching.

Is CVE-2024-6845 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2024-6845, increasing the risk of exploitation.

How to fix CVE-2024-6845?

1. Update plugin to v2.4.6+ immediately — this is the only full remediation. 2. Rotate the OpenAI API key unconditionally — treat as compromised regardless of observed exploitation. 3. Set API spend limits and budget alerts in the OpenAI dashboard to cap financial exposure. 4. Audit OpenAI API usage logs for the period the vulnerable plugin was active. 5. Scan all WordPress instances in the environment for this plugin version via WPScan or equivalent. 6. Establish a policy requiring security review before deploying plugins that store third-party AI API credentials.

What systems are affected by CVE-2024-6845?

This vulnerability affects the following AI/ML architecture patterns: WordPress AI chatbot deployments, LLM API integrations, plugin-based AI implementations, SaaS-embedded AI features via third-party plugins.

What is the CVSS score for CVE-2024-6845?

CVE-2024-6845 has a CVSS v3.1 base score of 5.3 (MEDIUM). The EPSS exploitation probability is 21.60%.

Technical Details

NVD Description

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key

Exploitation Scenario

An attacker enumerates WordPress sites via WPScan, Shodan, or targeted Google dorking, identifying installations running the vulnerable plugin version. They call the exposed REST endpoint without credentials, receive the encoded OpenAI API key in the HTTP response, and decode it in seconds (trivial encoding such as base64). With valid OpenAI credentials in hand, the attacker runs unlimited API queries at the victim's expense, probes for stored conversation data, or lists the key on underground markets. No AI or ML knowledge is required — this is a standard web exploitation path accessible to commodity threat actors.