CVE-2025-62039: 
WordPress vulnerability analysis and mitigation

CVE-2025-62039 is a Sensitive Information Exposure vulnerability discovered in the Ays Pro AI ChatBot with ChatGPT and Content Generator WordPress plugin. The vulnerability affects versions up to and including 2.6.6, and was disclosed on October 11, 2025. This security issue is classified as CWE-201 (Insertion of Sensitive Information Into Sent Data) (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, and requires no user interaction. The impact primarily affects confidentiality, with no impact on integrity or availability (Rapid7).

The vulnerability allows unauthenticated attackers to extract sensitive user or configuration data from the affected WordPress installations. This exposure of sensitive information could potentially lead to further system compromises or unauthorized access to protected resources (Rapid7).

Users are advised to update to version 2.6.7 or later of the AI ChatBot with ChatGPT and Content Generator plugin to remediate this vulnerability. Patchstack has issued a mitigation rule to block potential attacks until users can update to the fixed version (Patchstack).