Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud...

PT-2025-48254

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays chatgpt save wp media' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to...

CVE-2025-62039

Summary (CVE-2025-62039) Insertion of Sensitive Information Into Sent Data affects the WordPress plugin “AI ChatBot with ChatGPT and Content Generator by AYS” (versions up to 2.6.6). The issue allows retrieval of embedded sensitive data from sent data, as described by multiple sources. CVSS v3.1 ...

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also...

PT-2024-38529 · Ays · Ayswp Chatbot

Name of the Vulnerable Software and Affected Versions: The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin versions prior to 2.1.0 Description: The issue allows unauthenticated users to obtain the Open AI API Key. This is due to the disclosure of the Open AI API Key in the...