AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-7714: The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls

highvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseSeptember 27, 2024CVE-2024-7714

Summary

A WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' (versions before 2.1.0) has a security flaw where it doesn't properly check who is allowed to perform certain actions. This means someone without a user account can disconnect the plugin from OpenAI (the AI service it relies on), effectively breaking the chatbot. The vulnerable actions include connecting, disconnecting, and saving feedback.

Solution / Mitigation

Update the plugin to version 2.1.0 or later.

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 23.9%

Classification

Attack Type

DoS

Attack SophisticationTrivial

Impact (CIA+S)

availability

AI Component TargetedAPI

Affected Vendors

OpenAI

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Same vendorTechCrunch

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

First tracked: February 15, 2026 at 08:49 PM

Classified by LLM (prompt v3) · confidence: 85%