CVE-2024-7714

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

Description

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'

INFO

Published Date :

2024-09-27T06:00:06.287Z

Last Modified :

2025-08-27T12:00:34.973Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2024-7714 vulnerability.

Vendors	Products
Ays-pro	Ai Chatbot With Chatgpt Chatgpt Assistant

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7714.

URL	Resource
https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact