17 May 2023

Did ChatGPT Create This Serious Authenticated Option Update Vulnerability in the WordPress Plugin AI Power?

A lot has been made about the possible security risk of code created by ChatGPT, whether in WordPress plugins or otherwise. A more pedestrian risk is that the WordPress plugins that interact with ChatGPT are themselves insecure, whether written by ChatGPT or not. Last week, one of those plugins, AI Power, which is described by the developer as the "most popular, WordPress-based open-source AI solution", started introducing a serious vulnerability into the 10,000+ websites using it. The vulnerability allows anyone logged in to WordPress, regardless of role, to change arbitrary WordPress options (settings). Among other things, that could allow them to take over the website by creating new WordPress accounts with the Administrator role (for example, by turning on open registration and setting the default role for new users to Administrator).

Our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities caught that.
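To make concrete what an "authenticated arbitrary option update" bug looks like, here is an added illustration in PHP. It is not AI Power's own code and makes no claim about how that plugin is written; the hook names, request parameters and the settings allowlist are assumptions invented for the example. The first handler shows the general pattern (reachable by any logged-in user, writing whatever option the request names) and the second shows the checks a reviewer would expect to see.

```php
<?php
// Added illustration, not the AI Power plugin's own code. Hook names, parameter
// names and the allowlist below are assumptions made up for this example.

// --- Vulnerable pattern (hypothetical) ---
// wp_ajax_* actions are reachable by ANY logged-in user, including subscribers.
// The handler then writes whichever option name/value the request supplies, so
// sanitising the strings does nothing to restrict WHICH option gets changed.
add_action( 'wp_ajax_example_save_setting', 'example_save_setting_vulnerable' );
function example_save_setting_vulnerable() {
    $name  = sanitize_text_field( wp_unslash( $_POST['name'] ?? '' ) );
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    // A subscriber can send name=users_can_register&value=1, then
    // name=default_role&value=administrator, and register an admin account.
    update_option( $name, $value );
    wp_send_json_success();
}

// --- Hardened form (hypothetical) ---
add_action( 'wp_ajax_example_save_setting_safe', 'example_save_setting_hardened' );
function example_save_setting_hardened() {
    // 1. Capability check: only users allowed to manage settings may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. Nonce check: blocks CSRF against the administrators who do pass step 1.
    check_ajax_referer( 'example_save_setting', 'nonce' );

    // 3. Allowlist: the request may only choose among the plugin's own options,
    //    each paired with the sanitiser appropriate to its type.
    $allowed = array(
        'example_api_key'    => 'sanitize_text_field',
        'example_max_tokens' => 'absint',
    );
    $name = isset( $_POST['name'] ) ? (string) wp_unslash( $_POST['name'] ) : '';
    if ( ! array_key_exists( $name, $allowed ) ) {
        wp_send_json_error( 'unknown setting', 400 );
    }
    $value = call_user_func( $allowed[ $name ], wp_unslash( $_POST['value'] ?? '' ) );
    update_option( $name, $value );
    wp_send_json_success();
}
```

The point to take from the comparison is that the option name itself is attacker-controlled input: no amount of sanitising its value helps if the code lets the request pick the key. The capability check alone would already prevent the low-privilege takeover described above; the allowlist keeps a future bug in the capability check from again exposing every option on the site.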