What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.6.6.
Explanation of Vulnerability in Simple Terms
02Summary
The AI ChatBot with ChatGPT and Content Generator plugin for WordPress contains an information disclosure vulnerability affecting versions up to 2.6.6. An unauthenticated attacker can read sensitive data over the network without user interaction. The vulnerability stems from improper access controls that expose confidential information. Site administrators should update to a version newer than 2.6.6 immediately.
What an attacker can do
03Attacker Capabilities
Read sensitive data from the plugin without authentication or user interaction.
Potential impact on your site
04Site Impact
Confidential information stored or processed by the plugin may be exposed to unauthorized parties.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
November 6, 2025
CVE published
April 28, 2026
Record updated