CVE-2025-69134 HIGH

CVE-2025-69134: WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability

Vendor Merkulove
Product OpenAI Chatbot for WordPress – Helper
Weakness CWE-862 · Missing authorization
Published July 2, 2026
Last update July 2, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.

Explanation of Vulnerability in Simple Terms

02Summary

The OpenAI Chatbot for WordPress plugin through version 1.1.4 lacks proper authorization checks, allowing unauthenticated attackers to disrupt the chatbot service. An attacker can send requests over the network without needing credentials or user interaction to trigger a denial-of-service condition. Site administrators should update immediately to a version newer than 1.1.4.

What an attacker can do

03Attacker Capabilities

Make the chatbot unavailable to legitimate users by sending requests that overload or crash the service.

Potential impact on your site

04Site Impact

Your chatbot feature becomes unavailable to visitors, affecting user engagement and support capabilities.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

July 2, 2026 CVE published
July 2, 2026 Record updated

Related vulnerabilities

08Related CVE