Impact
The vulnerability allows an unauthenticated attacker to delete any content on a WordPress site, directly compromising data integrity and availability. The flaw is a missing authorization issue (CWE-862): the plugin's deletion routine can be invoked by an unauthenticated user through crafted requests.
Affected Systems
Affected systems are WordPress installations running the OpenAI Chatbot for WordPress – Helper plugin version 1.1.4 or earlier. The vendor is Merkulove, and the issue lies in the helper plugin’s content management functions.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity. No EPSS score is available, which leaves the likelihood of exploitation uncertain. The vulnerability is not listed in the KEV catalog. The attack vector is web-based and requires no credentials: an unauthenticated attacker can trigger the deletion endpoint if the plugin is active, which raises the risk for sites with exposed plugin functionality.
OpenCVE Enrichment