CVE-2025-13381: The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due t
Summary
The AI ChatBot with ChatGPT and Content Generator plugin for WordPress (versions up to 2.7.0) has a missing authorization check (a security control that verifies a user has permission to perform an action) in its 'ays_chatgpt_save_wp_media' function, allowing unauthenticated attackers to upload media files without logging in. This vulnerability affects all versions through 2.7.0.
Solution / Mitigation
Update to version 2.7.1 or later, which includes a fix for the missing authorization check as shown in the changeset referenced in the vulnerability report.
Vulnerability Details
5.3(medium)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-13381
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 75%