AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-62039: Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator

highvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseNovember 6, 2025CVE-2025-62039

Summary

A vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator (version 2.6.6 and earlier) allows sensitive information to be exposed when data is sent. The flaw, called CWE-201 (insertion of sensitive information into sent data), means attackers could potentially retrieve embedded sensitive data from the plugin.

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

PII Leakage

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-201

Affected Vendors

Related Issues

medium

CVE-2026-2589: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure

Similar attackNVD/CVE Database

high

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

First tracked: February 15, 2026 at 08:50 PM

Classified by LLM (prompt v3) · confidence: 75%