WordPress AI ChatBot plugin exposes ChatGPT API key to hackers

CVE-2026-1336
Summary

A missing authorization check in the AI ChatBot plugin for WordPress allows unauthenticated access to the plugin's ChatGPT API key, which could lead to sensitive data exposure. This affects all versions up to and including 2.7.5. Update to version 2.7.6 or later to fix the issue.

Original title
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the store_data() and ...
Original description
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the store_data() and get_chatgpt_api_key() functions in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to view, modify or delete the plugin's ChatGPT API key.
The vulnerability was partially fixed in version 2.7.5 and fully fixed in version 2.7.6.
NVD CVSS 3.1: 5.3
Vulnerability type
CWE-862 Missing Authorization
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026