WordPress Plugin Vulnerabilities

AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure

Description

The plugin discloses the Open AI API Key, allowing unauthenticated users to obtain it

Proof of Concept

Affects Plugins

Plugin icon
ays-chatgpt-assistant
Fixed in 2.1.0

References

CVE
CVE-2024-7713

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Kieran Burge
Submitter
Kieran Burge
Submitter website
https://prisminfosec.com/
Verified
Yes
WPVDB ID
061eab97-4a84-4738-a1e8-ef9a1261ff73

Timeline

Publicly Published
2024-09-05 (about 1 year ago)
Added
2024-09-05 (about 1 year ago)
Last Updated
2024-09-05 (about 1 year ago)

Other

Published
Title
Published
2024-07-12
Title
Send Users Email < 1.5.2 - Unauthenticated Information Exposure
Published
2024-04-25
Title
WP-Members Membership Plugin < 3.4.9.4 - Unprotected Storage of Potentially Sensitive Files
Published
2024-07-08
Title
Social Sharing Plugin – Kiwi < 2.1.8 - Information Disclosure
Published
2021-03-26
Title
Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
Published
2025-09-22
Title
Estonian Shipping Methods for WooCommerce <= 1.7.2 - Unauthenticated Sensitive Information Exposure