CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
What the vulnerability does
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ays_chatgpt_pinecone_upsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Explanation of Vulnerability in Simple Terms
The AI ChatBot plugin for WordPress contains a server-side request forgery vulnerability that allows unauthenticated attackers to make the site send HTTP requests to internal or external systems. An attacker can read limited data from those systems or modify content on them. No user interaction is required. Versions 2.7.0 and earlier are affected.
What an attacker can do
Make the site send requests to internal systems or external servers to read or modify data.
Potential impact on your site
Attackers can access internal services, read sensitive data, or modify external content via your site.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities
