CVE-2025-13378

Name of the Vulnerable Software and Affected Versions AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress versions prior to 2.7.1

Description The software is susceptible to a Server-Side Request Forgery (SSRF) issue. This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. Exploitation can lead to querying and modifying information from internal services through the ays chatgpt pinecone upsert function.

Recommendations Update to version 2.7.1 or later.