CVE-2024-7714

HIGH NUCLEI

AYS WordPress plugin <2.1.0 - Info Disclosure

Title source: llm

Description

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'

Nuclei Templates (1)

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

MEDIUMVERIFIEDby s4e-io

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/

Scores

CVSS v3 7.5

EPSS 0.2389

EPSS Percentile 96.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published

Products (1)

ays-pro/chatgpt_assistant < 2.1.0

Published Sep 27, 2024

Tracked Since Feb 18, 2026