CVE-2025-12973: The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitra
highvulnerabilityLLM-Specific
security
Summary
The S2B AI Assistant WordPress plugin (a tool that adds AI chatbot features to websites) has a vulnerability in versions up to 1.7.8 where it fails to check what type of files users are uploading. This allows editors and higher-level users to upload malicious files that could potentially let attackers run commands on the website server (remote code execution, or RCE).
Vulnerability Details
CVSS Score
7.2(high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
OpenAI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-12973
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 75%