Description
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.
Published: 2026-07-02
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to delete any content on a WordPress site without authentication, directly compromising data integrity and availability. The flaw is a CWE-862 (Missing Authorization) weakness: the plugin's deletion routine can be invoked by an unauthenticated user through crafted requests.

Affected Systems

Affected systems are WordPress installations running the OpenAI Chatbot for WordPress – Helper plugin version 1.1.4 or earlier. The vendor is Merkulove, and the issue lies in the helper plugin’s content management functions.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. No EPSS score is available, so the likelihood of exploitation is not quantified, and the vulnerability is not listed in the KEV catalog. The attack vector is web-based and requires no credentials: an unauthenticated attacker can trigger the deletion endpoint if the plugin is active, which raises the risk for sites with exposed plugin functionality.

Generated by OpenCVE AI on July 2, 2026 at 15:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of the OpenAI Chatbot for WordPress – Helper plugin that contains the deletion fix.
  • If no updated version is available, remove or disable the plugin until a patch is released.
  • Apply administrative authentication checks so that only authorized users can access the plugin’s deletion endpoint.
  • Maintain regular backups of site content and monitor logs for unexpected deletion activity to detect and recover from potential exploitation.



Advisories

No advisories yet.

History

Thu, 02 Jul 2026 13:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 11:30:00 +0000

Type | Values Removed | Values Added
Description | | Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.
Title | | WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T12:13:33.033Z

Reserved: 2025-12-29T11:19:41.703Z

Link: CVE-2025-69134

Vulnrichment

Updated: 2026-07-02T12:13:29.460Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T15:30:05Z
