Vulnerabilities and security researches fors2b-ai-assistant s2b-ai-assistant

Dec 12, 2025

CVE, Research URL: CVE-2025-12973
Home page URL: Security reports for S2B AI Assistant – ChatGPT, OpenAI, Content & Image Generator
Application: S2B AI Assistant – ChatGPT, OpenAI, Content & Image Generator
Date: Nov 21, 2025
Research Description: The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: max 1.7.9.
Status: vulnerable