WordPress 7.0 Faces Security Concerns Over AI API Keys via @sejournal, @martinibuster

Oliver Sild, founder of Patchstack WordPress security company, shared concerns about the security of AI API keys in WordPress 7.0, sharing that there “will be an absolute rush by hackers to steal API keys.” To underline this point, an actual security bug was discovered in WordPress 7.0 that exposes API keys.

AI API Keys Are Valuable

AI API Keys are secure passwords (keys) that enable a WordPress plugin or theme to interact with an AI like Claude, OpenAI, or Gemini. An API key enables an AI company to bill users for using their systems, which is separate and in addition to the all-you-can-eat model of their monthly plans.

AI API keys are highly valuable assets that can be worth tens of thousands of dollars. Hackers steal AI API keys to power networks of AI bots that engage potential victims on social media and dating apps, running thousands of conversations with their targets. They also use stolen AI API keys to conduct scaled phishing campaigns, write malware, and it can also be used to access sensitive data that’s connected to the AI implementation in a WordPress site.

Patchstack founder Oliver Sild warned that WordPress vulnerabilities could become far more valuable to attackers now that websites are becoming increasingly connected to large language models and paid AI APIs.

Sild posted on X:

“WordPress 7.0 combined with plugin vulnerabilities = free AI tokens. There will be an absolute rush by hackers to steal API keys.”

WordPress co-founder Matt Mullenweg pushed back against the idea that WordPress sites are broadly insecure, insisting that the “vast majority” of WordPress sites are secure and saying that he’s run some WordPress sites for over 20 years that have never been hacked.

That may be true, but Automattic’s WordPress.com servers had a security incident in 2011 that exposed sensitive information.

WordPress 7.0 AI-Related Security Bug Surfaces

A newly reported WordPress 7.0 security bug involving AI API key exposure shows that the potential for security issues are real. This specific security issue surfaced in the AI integration setup form which enables a browser to autofill the AI API key, visually exposing it in the browser window. The report explains that the issue could expose credentials during screen sharing, on shared computers, or to anyone with access to an active browser session.

The official WordPress GitHub report explains what the security issue is:

“When entering an API key in the integration setup form (Anthropic provider), the API key value appears in the browser autocomplete/autofill suggestion dropdown in plain text. This can expose sensitive credentials to anyone with access to the browser session or screen.

The API key field should behave like a secure password field and should not display previously entered values as suggestions.”

A New Era Of WordPress Attacks

Oliver Sild also raised concerns in the Dynamic WordPress Facebook group about how AI integrations may change the economics of exploiting WordPress sites.

Sild argued that software vulnerabilities are already the leading cause of security breaches and warned that AI-connected WordPress sites are now significantly more attractive targets because they may contain access to valuable AI services and API credentials.

He also predicted that more threat actors would begin targeting WordPress sites specifically for AI-related credentials and services.

Other developers joined the discussion and expanded it beyond individual vulnerabilities into broader software architectural concerns about how WordPress handles secrets, plugin permissions, and database access.

Andrei Lupu warned that once attackers obtain database access, protecting secrets becomes extremely difficult:

“The reality is that once they have access to db, you are doomed. We need to work on best best practices to prevent that.”

Steve Jones of Equalize Digital suggested WordPress may eventually need a more granular permissions model controlling which plugins and themes can access sensitive services or credentials.

Sild responded that solving the problem would likely require a major architectural overhaul because plugin vulnerabilities that expose database access or administrator privileges effectively compromise the entire site.

Brian Coords, a developer advocate at WooCommerce, joined the discussion to explore whether there are practical ways to isolate API keys without redesigning WordPress itself. But he also acknowledged that arbitrary PHP execution makes the problem difficult to solve because malicious code could still invoke API calls directly from the compromised site.

He shared:

“This applies to secrets pretty generally in WordPress. Is there a solution that doesn’t require a full architectural overhaul?

…Just thinking through it, even if you could theoretically hide the keys and connections themselves outside the environment, even the ability to add PHP to a site means you could still include malicious code make the calls from the site itself.”

WordPress’s AI-Era Architecture

The problem for WordPress is that its plugin trust model was designed before websites contained monetizable AI credentials, connected to automation systems, or envisioned direct access to third-party LLM services.

That does not mean that WordPress 7.0 is insecure by default. As Mullenweg insisted, properly maintained WordPress sites can remain secure. But keeping a site frequently updated doesn’t guarantee that a WordPress site will evade getting hacked. A recent report by Patchstack said that hackers are increasing the speed at which they attack websites in order to exploit the brief window of opportunity between the time a vulnerability is discovered and the moment a site owner gets around to updating their site.

AI API Keys Make WordPress A Bigger Target

One of the takeaways here are that many site owners are unaware of how API keys work, that using them isn’t free. Using AI on a WordPress site can potentially lead to theft of thousands of dollars in AI use. Even a site that doesn’t have sensitive information to steal now becomes a valuable target if they are using an AI key to accomplish tasks like scale meta descriptions across a site or to help with building the website itself.

Featured Image by Shutterstock/Yuriy2012