AVID-2026-R1600
Description
AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure (CVE-2024-7713)
Details
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the OpenAI API key, allowing unauthenticated users to obtain it.
Reason for inclusion in AVID: CVE-2024-7713 describes an unauthenticated disclosure of an OpenAI API key via a WordPress plugin that integrates with AI services. This concerns a software component used in AI workflows (connecting to OpenAI APIs), representing a vulnerability within the AI software supply chain (a dependency/plugin used to build or run AI features). It is a security/safety vulnerability (credential leakage that enables misuse of AI services). The report provides explicit evidence (unauthenticated key disclosure) to support this.
References
Affected or Relevant Artifacts
- Developer: OpenAI
- Deployer: OpenAI
- Artifact Details:
| Type | Name |
|---|---|
| System | AI ChatBot with ChatGPT and Content Generator by AYS |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-09-27
- Version: 0.3.3
- AVID Entry