CVE-2025-13381
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-27
Last updated on: 2025-11-27
Assigner: Wordfence
Description
Description
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload media files.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ays | wordpress_plugin_chatbot | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress, where a missing capability check on the 'ays_chatgpt_save_wp_media' function allows unauthenticated attackers to upload media files to the site.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to upload unauthorized media files to your WordPress site, potentially leading to malicious content being hosted or executed, which can compromise the site's integrity and security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70