CVE-2024-7713: AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure

Description

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it

Classification

CVE ID: CVE-2024-7713

Problem Types

CWE-200 Information Exposure

Affected Products

Vendor: Unknown

Product: AI ChatBot with ChatGPT and Content Generator by AYS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.26% (scored less or equal to compared to others)

EPSS Date: 2025-04-16 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-7713
https://wpscan.com/vulnerability/061eab97-4a84-4738-a1e8-ef9a1261ff73/

Timeline

2025-03-18 21:40:25 UTC
CVE

AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure