CVE-2026-1336

Name of the Vulnerable Software and Affected Versions AYS ChatGPT plugin for WordPress versions up to and including 2.7.5

Description The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to missing capability checks within the store data() and get chatgpt api key() functions. This allows unauthenticated attackers to view, modify, or delete the plugin’s ChatGPT API key. The issue was partially addressed in version 2.7.5 and fully resolved in version 2.7.6.

Recommendations Update to version 2.7.6 or later.