AYS AI ChatBot with ChatGPT and Content Generator
Moderate fix1 remedy
cpe:2.3:a:ays-pro:chatgpt_assistant:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 2.7.5
AI ChatBot with ChatGPT and Content Generator by AYS Missing Authorization Vulnerability in WordPress Plugin
Vulnerability
Patched
A vulnerability exists in the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin, in versions through 2.7.5. The issue arises from inadequate capability checks in the store_data() and get_chatgpt_api_key() functions, allowing unauthorized access and modification of data. This flaw enables unauthenticated attackers to view, alter, or delete the plugin's ChatGPT API key. While version 2.7.5 addressed part of this vulnerability, it was not until version 2.7.6 that a complete fix was implemented.
Impact
Exploitation of this vulnerability allows for unauthorized access to, and modification of, the ChatGPT API key used by the plugin, potentially leading to unauthorized actions or data manipulation via the ChatGPT API.
Remediation
Users are advised to update the plugin to version 2.7.6 or a newer patched version.
Added: Mar 3, 2026, 12:18 AM
Updated: Mar 3, 2026, 12:18 AM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
2.5exploitability
7.8remediation
7.7relevance
3.4threat
3.2urgency
2.9incentive
4.2Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.