CVE-2025-10705

Name of the Vulnerable Software and Affected Versions MxChat – AI Chatbot for WordPress plugin for WordPress versions up to and including 2.4.6

Description The software is susceptible to a Blind Server-Side Request Forgery due to inadequate validation of user-provided URLs within the PDF processing functionality. This allows unauthenticated attackers to compel the WordPress server to make HTTP requests to arbitrary destinations through the mxchat handle chat request AJAX action.

Recommendations Update to a version beyond 2.4.6.