CVE-2025-13378: The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forge
Summary
CVE-2025-13378 is a vulnerability in the AI ChatBot with ChatGPT and Content Generator plugin for WordPress that allows SSRF (server-side request forgery, where an attacker tricks a server into making unwanted network requests on their behalf). The vulnerability exists in the plugin code, with references to affected code in versions 2.6.9 and earlier.
Solution / Mitigation
The vulnerability was fixed in version 2.7.1, as shown by the changeset comparison between version 2.6.9 and version 2.7.1 of the admin file in the WordPress plugin repository.
Vulnerability Details
6.5(medium)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-13378
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 75%