{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25338", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:52:37.307Z", "datePublished": "2026-02-19T08:26:58.376Z", "dateUpdated": "2026-04-28T16:14:55.849Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "ays-chatgpt-assistant", "product": "AI ChatBot with ChatGPT and Content Generator by AYS", "vendor": "Ays Pro", "versions": [{"changes": [{"at": "2.7.5", "status": "unaffected"}], "lessThanOrEqual": "2.7.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "w41bu1 | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:06.969Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4.</p>"}], "value": "Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:55.849Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/ays-chatgpt-assistant/vulnerability/wordpress-ai-chatbot-with-chatgpt-and-content-generator-by-ays-plugin-2-7-4-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T21:15:20.370373Z", "id": "CVE-2026-25338", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T13:06:36.249Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25338", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:52:37.307Z", "datePublished": "2026-02-19T08:26:58.376Z", "dateUpdated": "2026-04-28T13:06:36.249Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "ays-chatgpt-assistant", "product": "AI ChatBot with ChatGPT and Content Generator by AYS", "vendor": "Ays Pro", "versions": [{"changes": [{"at": "2.7.5", "status": "unaffected"}], "lessThanOrEqual": "2.7.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "w41bu1 | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-28T13:26:41.137Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4.</p>"}], "value": "Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T12:10:49.312Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/ays-chatgpt-assistant/vulnerability/wordpress-ai-chatbot-with-chatgpt-and-content-generator-by-ays-plugin-2-7-4-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25338", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T21:15:20.370373Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T21:15:06.409Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Ays Pro AI ChatBot con ChatGPT y Generador de Contenido de AYS ays-chatgpt-assistant permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a AI ChatBot con ChatGPT y Generador de Contenido de AYS: desde n/a hasta &lt;= 2.7.4."}], "id": "CVE-2026-25338", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-19T09:16:18.600", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/ays-chatgpt-assistant/vulnerability/wordpress-ai-chatbot-with-chatgpt-and-content-generator-by-ays-plugin-2-7-4-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.7.4]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[2.7.5,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AI ChatBot with ChatGPT and Content Generator by AYS", "source": "cna", "vendor": "Ays Pro"}, "product": "ai_chatbot_with_chatgpt_and_content_generator_by_ays", "vendor": "ays_pro"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-16T00:27:09.200523+00:00", "value": {"mitigation_remediation": ["Upgrade the Ays Pro AI ChatBot plugin to the latest version (2.7.5 or newer) which includes the missing authorization fix.", "If an update is not immediately possible, restrict the plugin\u2019s administrative pages to administrators only, enforcing strict role\u2011based access controls.", "Remove or disable the plugin if it is not required for site functionality to eliminate the vulnerable code path."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access via Missing Authorization"}, "threat_synthesis": {"affected_systems": "The affected product is the Ays Pro AI ChatBot with ChatGPT and Content Generator WordPress plugin, versions up to and including 2.7.4. Earlier versions are unknown; the vendor does not specify a lower bound.", "description_and_impact": "The vulnerability is a missing authorization flaw (CWE\u2011862) in the Ays Pro AI ChatBot with ChatGPT and Content Generator WordPress plugin. This flaw allows an attacker to bypass normal access controls and perform actions that should be restricted to authorized users. As a result, an unauthenticated or low\u2011privilege user could potentially read, modify, or delete chatbot configuration and content, disrupting site functionality or exposing sensitive data.", "risk_and_exploitability": "The CVSS base score of 5.3 indicates a moderate level of risk. The EPSS score of less than 1% suggests that exploitation is currently rare, and the vulnerability is not listed in the CISA KEV catalog. The apparent attack vector is likely via the plugin\u2019s administrative interface; any user who can reach that interface can exploit the lack of authorization checks to gain unauthorized privileges. Because the issue stems from incorrectly configured access control, the attacker does not need to bypass authentication, making exploitation easier in a poorly secured environment."}}}}, "created": "2026-02-20T10:08:50.437865+00:00", "updated": "2026-04-16T00:30:18.865482+00:00", "vendors": ["ays_pro", "ays_pro$PRODUCT$ai_chatbot_with_chatgpt_and_content_generator_by_ays", "wordpress", "wordpress$PRODUCT$wordpress"]}