CVE-2026-1336
AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the store_data() and get_chatgpt_api_key() functions in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to view, modify or delete the plugin's ChatGPT API key. The vulnerability was partially fixed in version 2.7.5 and fully fixed in version 2.7.6
| CWE | CWE-862 |
| Vendor | ays-pro |
| Product | ai chatbot with chatgpt and content generator by ays |
| Published | Mar 2, 2026 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for ays-pro ai chatbot with chatgpt and content generator by ays
Be the first to know when new medium vulnerabilities affecting ays-pro ai chatbot with chatgpt and content generator by ays are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
ays-pro / AI ChatBot with ChatGPT and Content Generator by AYS
0 โค 2.7.5
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/53b3d441-4938-435f-85c3-707477f0293d?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ays-chatgpt-assistant/tags/2.7.4/includes/chatgpt-assistant-db-actions/class-chatgpt-assistant-db-actions.php#L23 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ays-chatgpt-assistant/tags/2.7.4/admin/class-chatgpt-assistant-admin.php#L4060
Credits
Nabil Irawan