ByteOS Network

NVD Vulnerability Details :

CVE-2024-5969

Analyzed

Source-security@wordfence.com

Published At-27 Jul, 2024 | 08:15

Updated At-08 Aug, 2025 | 01:53

The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CPE Matches

coderevolution>>aiomatic>>Versions before 2.0.6(exclusive)

cpe:2.3:a:coderevolution:aiomatic:*:*:*:*:*:wordpress:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Secondary	security@wordfence.com
NVD-CWE-noinfo	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://codecanyon.net/item/aiomatic-automatic-ai-content-writer/38877369?srsltid=AfmBOornCSKshlaSyZi2nonTcpSskMpBNJpdAS_No91A5V5lTIAD1h8S	security@wordfence.com	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/be5be40f-89da-4b97-9a85-527602d84c4d?source=cve	security@wordfence.com	Third Party Advisory
https://codecanyon.net/item/aiomatic-automatic-ai-content-writer/38877369?srsltid=AfmBOornCSKshlaSyZi2nonTcpSskMpBNJpdAS_No91A5V5lTIAD1h8S	af854a3a-2127-422b-91ae-364da2661108	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/be5be40f-89da-4b97-9a85-527602d84c4d?source=cve	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History