AI Threat Alert

CVE-2025-31843: OpenAI WP Plugin: broken access control on AI settings

MEDIUM
Published April 1, 2025
CISO Take

WordPress sites running OpenAI Tools for WooCommerce (≤2.1.5) allow any authenticated user to invoke AI admin functions reserved for privileged roles. Update immediately and rotate your OpenAI API key as a precaution. Review OpenAI API usage logs for anomalous call volumes that may indicate prior exploitation or API credit abuse.

What is the risk?

Medium risk in isolation, elevated in AI context. Any authenticated WordPress user—a registered WooCommerce customer with subscriber role—can exploit this to interact with OpenAI API endpoints or modify AI tool settings without admin privileges. Real-world risk includes API credit exhaustion and unauthorized manipulation of AI-driven e-commerce features. Not in CISA KEV; no public evidence of active exploitation, but low-skill barrier makes opportunistic abuse likely.

How severe is it?

CVSS 3.1
4.3 / 10
EPSS
0.3%
chance of exploitation in 30 days
Higher than 26% of all CVEs
Source: EPSS v3 — FIRST.org
Exploitation Status
No known exploitation
Sophistication
Trivial

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC Low
PR Low
UI None
S Unchanged
C None
I Low
A None

What should I do?

5 steps

  1. Update OpenAI Tools for WordPress & WooCommerce to the latest patched version (>2.1.5) immediately—patch available via WordPress plugin repository.

  2. If patching is delayed, restrict plugin functionality to admin roles via a WAF rule or capability filter hook.

  3. Rotate your OpenAI API key and configure usage limits and spend alerts in the OpenAI dashboard.

  4. Audit WordPress user roles and remove unnecessary accounts, especially in WooCommerce customer pools.

  5. Review OpenAI API usage logs for the exposure window to detect anomalous call patterns.

What does CISA's SSVC say?

Decision Track
Exploitation none
Automatable No
Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

How is it classified?

Auth Bypass DoS Plugin API AML.T0034 AML.T0040 AML.T0049

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Article 15 - Accuracy, robustness and cybersecurity
ISO 42001
A.6.1 - Policies for information security
NIST AI RMF
GOVERN 1.2 - Accountability structures are in place so that the appropriate teams and individuals are empowered, responsible, and trained for mapping, measuring, and managing AI risks
OWASP LLM Top 10
LLM06 - Excessive Agency

Frequently Asked Questions

What is CVE-2025-31843?

WordPress sites running OpenAI Tools for WooCommerce (≤2.1.5) allow any authenticated user to invoke AI admin functions reserved for privileged roles. Update immediately and rotate your OpenAI API key as a precaution. Review OpenAI API usage logs for anomalous call volumes that may indicate prior exploitation or API credit abuse.

Is CVE-2025-31843 actively exploited?

No confirmed active exploitation of CVE-2025-31843 has been reported, but organizations should still patch proactively.

How to fix CVE-2025-31843?

1. Update OpenAI Tools for WordPress & WooCommerce to the latest patched version (>2.1.5) immediately—patch available via WordPress plugin repository. 2. If patching is delayed, restrict plugin functionality to admin roles via a WAF rule or capability filter hook. 3. Rotate your OpenAI API key and configure usage limits and spend alerts in the OpenAI dashboard. 4. Audit WordPress user roles and remove unnecessary accounts, especially in WooCommerce customer pools. 5. Review OpenAI API usage logs for the exposure window to detect anomalous call patterns.

What systems are affected by CVE-2025-31843?

This vulnerability affects the following AI/ML architecture patterns: LLM API integrations, WordPress AI plugins, E-commerce AI automation.

What is the CVSS score for CVE-2025-31843?

CVE-2025-31843 has a CVSS v3.1 base score of 4.3 (MEDIUM). The EPSS exploitation probability is 0.35%.

What is the AI security impact?

Affected AI Architectures

LLM API integrationsWordPress AI pluginsE-commerce AI automation

MITRE ATLAS Techniques

AML.T0034 Cost Harvesting
AML.T0040 AI Model Inference API Access
AML.T0049 Exploit Public-Facing Application

Compliance Controls Affected

EU AI Act: Article 15
ISO 42001: A.6.1
NIST AI RMF: GOVERN 1.2
OWASP LLM Top 10: LLM06

What are the technical details?

Original Advisory

Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through 2.1.5.

Exploitation Scenario

An adversary registers or compromises a low-privilege WooCommerce customer account on a target WordPress site. They send crafted HTTP POST requests to plugin AJAX endpoints that lack capability checks, invoking OpenAI API calls or modifying AI configuration settings without admin authorization. Attack requires no special tooling—standard browser dev tools or Burp Suite suffice. Adversary can exhaust OpenAI API credits (financial harm to the site owner), exfiltrate API key configuration, or inject manipulated AI-generated content into product listings at scale.

Weaknesses (CWE)

CWE-862 Missing Authorization

CWE-862 — Missing Authorization: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

  • [Architecture and Design] Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries. Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
  • [Architecture and Design] Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

Timeline

Published
April 1, 2025
Last Modified
April 1, 2025
First Seen
April 1, 2025

Related Vulnerabilities

CRITICAL CVE-2026-21858 10.0

n8n: Input Validation flaw enables exploitation

Same attack type: Auth Bypass
CRITICAL GHSA-vvpj-8cmc-gx39 10.0

picklescan: security flaw enables exploitation

Same attack type: Auth Bypass
CRITICAL CVE-2025-2828 10.0

LangChain RequestsToolkit: SSRF exposes cloud metadata

Same attack type: Auth Bypass
CRITICAL CVE-2025-53767 10.0

Azure OpenAI: SSRF EoP, no auth required (CVSS 10)

Same attack type: Auth Bypass
CRITICAL CVE-2026-26030 10.0

semantic-kernel: Code Injection enables RCE

Same attack type: Auth Bypass
Back to Threat Feed