CVE-2024-7713

HIGH

AI ChatBot with ChatGPT and Content Generator by AYS < 2.1.0 - Unauthenticated OpenAI API Key Exposure

Title source: llm
STIX 2.1

Description

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it

References (1)

Core 1
Core References
Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/061eab97-4a84-4738-a1e8-ef9a1261ff73/

Scores

CVSS v3 7.5
EPSS 0.0030
EPSS Percentile 21.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-319
Status published
Products (1)
ays-pro/chatgpt_assistant < 2.1.0
Published Sep 27, 2024
Tracked Since Feb 18, 2026