AVID-2026-R1601

Description

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls (CVE-2024-7714)

Details

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls, allowing an unauthenticated user to disconnect the plugin from OpenAI and thereby disable it. Multiple actions are accessible: ‘ays_chatgpt_disconnect’, ‘ays_chatgpt_connect’, and ‘ays_chatgpt_save_feedback’.

Reason for inclusion in AVID: CVE-2024-7714 describes an unauthenticated access control vulnerability in a WordPress plugin that provides AI chatbot integration (an AI/ML feature). The plugin is a software component used to deploy AI features on websites, which makes it a software supply chain item in AI systems. The vulnerability enables actions such as disconnect/connect, effectively tampering with the AI service. The report includes a CVE and external references, indicating sufficient evidence.
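
For sites that ran an affected version, the following added example (not part of the AVID entry or the plugin's code) scans web server access logs for calls to the three AJAX actions named above. It assumes Combined Log Format, the standard WordPress `/wp-admin/admin-ajax.php` endpoint, and that the action name appears in the query string; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Action names taken from the advisory text.
WATCHED_ACTIONS = {"ays_chatgpt_disconnect", "ays_chatgpt_connect",
                   "ays_chatgpt_save_feedback"}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_watched_calls(lines):
    """Return {client_ip: [(time, method, action, status), ...]} for
    admin-ajax.php requests whose query string names a watched action."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format request line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs percent-decodes, so an encoded action name still matches.
        for action in parse_qs(url.query).get("action", []):
            if action in WATCHED_ACTIONS:
                hits[m["ip"]].append(
                    (m["time"], m["method"], action, int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Sep/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=ays_chatgpt_disconnect HTTP/1.1" 200 17 "-" "-"',
    '203.0.113.7 - - [27/Sep/2024:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=ays%5Fchatgpt%5Fconnect HTTP/1.1" 200 17 "-" "-"',
    '198.51.100.20 - - [27/Sep/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "-"',
    '198.51.100.20 - - [27/Sep/2024:10:02:30 +0000] "GET /blog/?action=ays_chatgpt_disconnect HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, calls in find_watched_calls(SAMPLE_LOG).items():
        for when, method, action, status in calls:
            print(f"{ip} {when} {method} {action} -> {status}")
```

Access logs do not record POST bodies or whether the caller held an admin session, so a hit marks a request to review against known administrator activity, and requests that carry the action only in the body need request-body logging to be seen.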

References

Affected or Relevant Artifacts

  • Developer: OpenAI
  • Deployer: OpenAI
  • Artifact Details:
      Type: System
      Name: AI ChatBot with ChatGPT and Content Generator by AYS

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-09-27
  • Version: 0.3.3
  • AVID Entry