CVE-2024-7713

Published: Sep 27, 2024Modified: Mar 18, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it

Affected (1)

Products: Ays Pro: Chatgpt Assistant

Ays Pro

1 product

Chatgpt Assistant

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ays Pro Chatgpt Assistant	Before 2.1.0

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

https://wpscan.com/vulnerability/061eab97-4a84-4738-a1e8-ef9a1261ff73/

Source: contact@wpscan.com

Third Party Advisory

Timeline

No history available yet.