CVE-2023-51527: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-51527) affects AI Power: Complete AI Pack – Powered by GPT-4 WordPress plugin versions through 1.8.2. The vulnerability was discovered by Brandon James Roldan and was publicly disclosed on December 27, 2023. This security issue involves the exposure of sensitive information to unauthorized actors in the WordPress plugin (Patchstack, WPScan).

The vulnerability stems from a missing capability check in the wpaicg_export_logs_callback() function. This security flaw has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST and 5.3 (MEDIUM) by Patchstack. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-862 (Missing Authorization) (NVD, WPScan).

The vulnerability allows unauthenticated attackers to export the plugin's logs which may contain sensitive information. This exposure could potentially lead to unauthorized access to confidential data that is normally restricted from regular users (Patchstack).

The vulnerability has been patched in version 1.8.3 of the plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).