The MxChat – AI Chatbot for WordPress plugin contains a blind Server‑Side Request Forgery vulnerability that permits an unauthenticated attacker to trigger the mxchat_handle_chat_request AJAX action to send HTTP requests to any destination; the flaw originates from insufficient validation of user‑supplied URLs in the plugin’s PDF processing logic and is classified as CWE‑918. Because the server’s responses are not returned to the attacker, exploitation is silent, yet it can be used to probe internal networks, exfiltrate data, or hinder other services that the server can reach.

All publicly available releases of the plugin up to and including version 2.4.6 are affected. The vendor, MXChat, markets the product under the name “MxChat – AI Chatbot & Content Generation for WordPress.” Users who have installed these versions on their WordPress sites with remote access should consider remediation immediately. While the advisory does not confirm that newer releases are fixed, administrators should verify their installed version and seek an updated release from the plugin repository.

The vulnerability has a CVSS score of 5.3, indicating moderate severity, and an EPSS score of less than 1 %, signifying a very low likelihood of exploitation in the wild. It is not listed in CISA’s KEV catalog, further underscoring its limited exploitation appetite. The attack vector is straightforward: any party that can reach the WordPress site can invoke the vulnerable AJAX endpoint and make the server act as an outbound proxy. Detection is challenging due to its blind nature, so monitoring outbound traffic or applying mitigations such as URL validation or restricting outbound requests is advisable.