Description
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ays_chatgpt_pinecone_upsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Published: 2025-11-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated Server-Side Request Forgery
Action: Immediate Patch
AI Analysis

Impact

The AI ChatBot with ChatGPT and Content Generator by AYS exposes a Server-Side Request Forgery vulnerability in all versions up to and including 2.7.0, via the ays_chatgpt_pinecone_upsert function. An unauthenticated attacker can supply a crafted pinecone_url value and force the plugin to send HTTP requests from the WordPress host to arbitrary internal or external destinations. This lets the attacker read or modify information on internal services, potentially exposing sensitive data or enabling further attacks against the surrounding infrastructure.

Affected Systems

The vulnerability affects the WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS in versions 2.7.0 and earlier. No other products or vendors are listed as affected.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, and the EPSS score of less than 1% reflects a very low estimated probability of exploitation in the wild. The vulnerability is currently not included in the CISA KEV catalog, suggesting no known active exploitation. Based on the description, the likely attack vector is a remote, unauthenticated attacker calling the plugin's REST endpoint; the exploit requires only basic HTTP requests and no privileged access. Detection would involve monitoring outbound traffic from the WordPress host to unknown destinations.

Generated by OpenCVE AI on April 22, 2026 at 16:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the AI ChatBot plugin to version 2.7.1 or later, which contains the SSRF fix.
  • Restrict access to the administrative endpoints that trigger the Pinecone upsert operation so that only authenticated administrators can invoke them.
  • Deploy a web application firewall or network firewall rule that blocks the WordPress host from making outbound HTTP(S) requests to internal IP ranges or other sensitive hosts, so that SSRF traffic cannot reach them.
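One way to implement the second recommendation in plugin code, as an added illustration that is not the AYS plugin's own code: the handler requires an administrator with a valid nonce, accepts the pinecone_url parameter only when its host is under pinecone.io (an assumed allowlist), and sends the request through wp_safe_remote_post, which resolves the host and refuses loopback and private addresses. The action name, the upsert path and the request body are assumptions.

```php
<?php
// Added example (not the AYS plugin's code): a hardened handler for the
// Pinecone upsert action. The action name, allowlisted domain suffix,
// upsert path and payload are illustrative assumptions.

function example_ays_pinecone_url_is_allowed( string $url ): bool {
    // Only absolute HTTPS URLs on port 443 whose host ends in .pinecone.io pass.
    $parts = wp_parse_url( $url );
    if ( ! is_array( $parts ) || empty( $parts['host'] ) ) {
        return false;
    }
    if ( ( $parts['scheme'] ?? '' ) !== 'https' ) {
        return false;
    }
    if ( ! empty( $parts['port'] ) && (int) $parts['port'] !== 443 ) {
        return false;
    }
    $host = strtolower( $parts['host'] );
    // Assumed allowlist: Pinecone index endpoints live under pinecone.io.
    return (bool) preg_match( '/(^|\.)pinecone\.io$/', $host );
}

function example_ays_pinecone_upsert_handler(): void {
    // Authorization first: administrators only, with a valid nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_pinecone_upsert', 'nonce' );

    $url = isset( $_POST['pinecone_url'] ) ? esc_url_raw( wp_unslash( $_POST['pinecone_url'] ) ) : '';
    if ( ! example_ays_pinecone_url_is_allowed( $url ) ) {
        wp_send_json_error( 'pinecone_url is not an allowed destination', 400 );
    }

    // wp_safe_remote_post() additionally resolves the host and rejects
    // loopback and private addresses, so a hostname that resolves to an
    // internal service is still refused at request time.
    $response = wp_safe_remote_post( rtrim( $url, '/' ) . '/vectors/upsert', array(
        'timeout' => 10,
        'headers' => array( 'Content-Type' => 'application/json' ),
        'body'    => wp_json_encode( array( 'vectors' => array() ) ), // placeholder payload
    ) );
    if ( is_wp_error( $response ) ) {
        wp_send_json_error( $response->get_error_message(), 502 );
    }
    wp_send_json_success( json_decode( wp_remote_retrieve_body( $response ), true ) );
}
add_action( 'wp_ajax_example_pinecone_upsert', 'example_ays_pinecone_upsert_handler' );
```

Note that the handler is registered only on the wp_ajax_ hook (logged-in users), not wp_ajax_nopriv_, so unauthenticated requests never reach it.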



Advisories

No advisories yet.

History

Wed, 03 Dec 2025 17:15:00 +0000

Type: Metrics (ssvc)
Values added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 27 Nov 2025 16:30:00 +0000

Type: First Time appeared
Values added: Ays-pro; Ays-pro ai Chatbot With Chatgpt; Wordpress; Wordpress wordpress
Type: Vendors & Products
Values added: Ays-pro; Ays-pro ai Chatbot With Chatgpt; Wordpress; Wordpress wordpress

Thu, 27 Nov 2025 09:45:00 +0000

Type: Description
Values added: The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ays_chatgpt_pinecone_upsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Type: Title
Values added: AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter
Type: Weaknesses
Values added: CWE-918
Type: References
Values added: (not shown)
Type: Metrics (cvssV3_1)
Values added: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:43:17.117Z

Reserved: 2025-11-18T19:56:37.440Z

Link: CVE-2025-13378

Vulnrichment

Updated: 2025-12-03T17:08:50.603Z

NVD

Status: Deferred

Published: 2025-11-27T10:15:50.993

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-13378

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T16:30:22Z

Weaknesses