S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image...

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Basic Information

ID CVE-2025-12973

Source Wordfence

Published Nov 21, 2025 at 16:28

Modified Nov 21, 2025 at 16:40

Affected Product

Vendor oc3dots

Product S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator

Version *

Affected Versions oc3dots S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator *

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "The S2B AI Assistant \u2013 ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.",
    "published": "2025-11-21T16:28:13.751Z",
    "modified": "2025-11-21T16:40:01.375Z",
    "type": "cve",
    "title": "S2B AI Assistant \u2013 ChatBot, ChatGPT, OpenAI, Content & Image Generator <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac9d2b64-aff6-418a-bfe7-ec91b177ad6b?source=cve\nhttps://plugins.trac.wordpress.org/browser/s2b-ai-assistant/trunk/lib/helpers/Utils.php\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399267%40s2b-ai-assistant&new=3399267%40s2b-ai-assistant&sfp_email=&sfph_mail=\nhttps://github.com/d0n601/CVE-2025-12973\nhttps://ryankozak.com/posts/cve-2025-12973/",
    "id": "CVE-2025-12973",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "oc3dots S2B AI Assistant \u2013 ChatBot, ChatGPT, OpenAI, Content & Image Generator *",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "S2B AI Assistant \u2013 ChatBot, ChatGPT, OpenAI, Content & Image Generator",
    "version": "*",
    "vendor": "oc3dots",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload_CVE-2025-12973