CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

175 matches found

Cvelist•added 2026/05/20 5:31 a.m.•33 views

CVE-2026-2955 AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS0.00061EPSS

Exploits0References2

RedhatCVE•added 2026/03/04 1:56 a.m.•2 views

CVE-2026-1336

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the storedata and getchatgptapikey functions in all versions up to, and including, 2.7.5. This makes it possible for...

5.3CVSS5.9AI score0.00089EPSS

Exploits0References1

CNNVD•added 2026/02/19 12:0 a.m.•4 views

WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00042EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:31 p.m.•7 views

CVE-2023-4254

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00112EPSS

Exploits2References1

HackRead•added 2025/12/24 11:23 a.m.•3 views

Eurostar Accused Researchers of Blackmail for Reporting AI Chatbot Flaws

Researchers discovered critical flaws in Eurostar’s AI chatbot including prompt injection, HTML injection, guardrail bypass, and unverified chat IDs - Eurostar later accused them of blackmail...

7AI score

Exploits0

Patchstack•added 2025/11/27 11:30 a.m.•3 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability

Unauthenticated Server-Side Request Forgery via 'pineconeurl' Parameter vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.0...

6.5CVSS7.1AI score0.00149EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/11/27 9:27 a.m.•2 views

CVE-2025-13381 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...

5.3CVSS5.1AI score0.00154EPSS

Exploits0References6

Cvelist•added 2025/11/06 3:55 p.m.•5 views

CVE-2025-62039 WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.6.6 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through = 2.6.6...

7.5CVSS0.02614EPSS

Exploits0References1

Vulnrichment•added 2025/11/06 3:55 p.m.•3 views

CVE-2025-62039 WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.6.6 - Sensitive Data Exposure vulnerability

7.5CVSS6.5AI score0.02614EPSS

Exploits0References1

CNNVD•added 2025/10/25 12:0 a.m.•2 views

WordPress plugin AI Chatbot Free Models - Customer Support, Live Chat, Virtual Assistant Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

4.3CVSS5.8AI score0.00187EPSS

Exploits0References3

Patchstack•added 2025/10/24 11:34 p.m.•5 views

WordPress AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin <= 1.6.5 - Unauthenticated CSV Injection vulnerability

Unauthenticated CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AI Chatbot Free Models versions = 1.6.5...

4.3CVSS7AI score0.00187EPSS

Exploits0References1Affected Software1