CVE-2025-62154

The AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One plugin for WordPress, versions 1.1.7 and earlier, contains a missing authorization vulnerability [1]. This means that certain functions or endpoints lack proper access control checks, allowing exploitation of incorrectly configured access control security levels [Description].

The vulnerability is classified as a broken access control issue, where missing authorization, authentication, or nonce token checks can enable an unprivileged user (or possibly an unauthenticated attacker) to execute higher-privileged actions [1]. No authentication is required for exploitation, making the attack surface significant for any site running the vulnerable plugin [1].

As a medium-severity issue (CVSS 4.3), this vulnerability is noted to be used in mass-exploit campaigns, allowing attackers to target thousands of websites simultaneously [1]. The impact includes potential unauthorized modifications, data exposure, or other actions that should be restricted to authorized users [1].

Users are strongly advised to update the plugin immediately if a patched version becomes available. If an update is not possible, contacting the hosting provider or web developer for mitigation steps is recommended [1]. No other workarounds are detailed in the reference.