CVE-2025-62039

HIGH7.5

Public PoC

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.6.6.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

ays-pro / AI ChatBot with ChatGPT and Content Generator by AYS0 – 2.6.6

Exploits & PoCs

nucleiAI ChatBot with ChatGPT by AYS <= 2.6.6 - Unauthenticated API Key Exposureby pussycat0x

References

MISChttps://patchstack.com/database/Wordpress/Plugin/ays-chatgpt-assistant/vulnerability/wordpress-ai-chatbot-with-chatgpt-and-content-generator-by-ays-plugin-2-6-6-sensitive-data-exposure-vulnerability?_s_id=cve