CVE-2025-13378 | Ays AI ChatBot with ChatGPT and Content Generator Plugin ays_chatgpt_pinecone_upsert server-side request forgery

Inserito da Angelo Barbosa | Nov 27, 2025 | CVE

A vulnerability marked as critical has been reported in Ays AI ChatBot with ChatGPT and Content Generator Plugin up to 2.7.0 on WordPress. This affects the function ays_chatgpt_pinecone_upsert. Performing manipulation results in server-side request forgery.

This vulnerability is reported as CVE-2025-13378. The attack is possible to be carried out remotely. No exploit exists.

CVE-2025-13378 | Ays AI ChatBot with ChatGPT and Content Generator Plugin ays_chatgpt_pinecone_upsert server-side request forgery

Post correlati

CVE-2024-11727 | wpdevteam NotificationX Plugin up to 2.9.3 on WordPress Setting cross site scripting

CVE-2024-22871 | Clojure up to 1.20 clojure.core$partial$fn__5920 denial of service

CVE-2025-47229 | GNU PSPP up to 2.0.1 libpspp-core.a var_set_leave_quiet assertion

CVE-2024-45803 | Wire UI up to 1.19.2/2.1.2 Query Parameter /wireui/button label cross site scripting