CVE-2024-12606
AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.
| CWE | CWE-862 |
| Vendor | opacewebdesign |
| Product | opace ai scribe: seo content creator & humaizer for openai & anthropic |
| Published | Jan 10, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for opacewebdesign opace ai scribe: seo content creator & humaizer for openai & anthropic
Be the first to know when new medium vulnerabilities affecting opacewebdesign opace ai scribe: seo content creator & humaizer for openai & anthropic are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
opacewebdesign / Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic
0 ≤ 2.5
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/4bc4a765-719e-4e99-b7f3-d255e4c019f5?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard/trunk/article_builder.php#L730 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3308461
Credits
Peter Thaleikis