CVE-2024-7713: The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, al
highvulnerabilityLLM-Specific
security
Summary
A WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' versions before 2.1.0 has a vulnerability where it exposes the OpenAI API key (a secret credential used to access OpenAI's services) in cleartext (unencrypted, readable form), allowing anyone without authentication (login access) to steal it. This vulnerability is tracked as CVE-2024-7713 and was reported on September 27, 2024.
Vulnerability Details
CVSS Score
7.5(high)
EPSS (30-day exploit probability)
EPSS: 0.4%
Classification
Attack Type
PII Leakage
Attack SophisticationTrivial
Impact (CIA+S)
confidentiality
AI Component TargetedAPI
Taxonomy References
CWE (Weakness Type)
Affected Vendors
OpenAI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-7713
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 92%