CVE-2026-1336 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the storedata and getchatgptapikey functions in all versions up to, and including, 2.7.5. This makes it possible for...

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

CVE-2024-6846

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...

PT-2024-20040 · Llamahub · Llamahub

Name of the Vulnerable Software and Affected Versions: LlamaHub aka llama-hub versions prior to 0.0.67 Description: The OpenAPI and ChatGPT plugin loaders in LlamaHub allow attackers to execute arbitrary code because safe load is not used for YAML. This issue enables attackers to execute arbitrar...