Lucene search
K

5 matches found

Nuclei
Nuclei
added yesterday24 views

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ayschatgptdisconnect, ayschatgptconnect, and ayschatgptsavefeedback id: CVE-2024-7714 info: name: AI Assistant with...

7.5CVSS5.9AI score0.00848EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/04/23 7:16 a.m.7 views

AI ChatBot with ChatGPT by AYS <= 2.6.6 - Unauthenticated API Key Exposure

AYS AI ChatBot with ChatGPT and Content Generator = 2.6.6 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted input. id: CVE-2025-62039 info:...

7.5CVSS5.8AI score0.01273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/28 11:9 a.m.7 views

CVE-2025-13378

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...

6.5CVSS5.9AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/28 11:9 a.m.12 views

CVE-2025-13381

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...

5.3CVSS5.5AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/27 12:30 p.m.10 views

EUVD-2025-199809

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...

5.3CVSS5AI score0.00249EPSS
Exploits0References7
Rows per page
Query Builder