WordPress 7.0 Security Risk: AI API Keys Exposed

Oliver Sild, the founder of the WordPress security firm Patchstack, has raised a serious alarm about the security of AI API keys in WordPress 7.0, warning that there “will be an absolute rush by hackers to steal API keys.” His concerns are not hypothetical. A genuine security flaw has already been identified in the latest version of the CMS that directly exposes these valuable credentials.

AI API keys function as secure passwords that allow a WordPress plugin or theme to connect with services like Claude, OpenAI, or Gemini. They are separate from standard monthly subscriptions and are used by AI companies to bill for actual usage. This makes them incredibly valuable assets, sometimes worth tens of thousands of dollars. Hackers steal these keys to power automated bot networks on social media and dating apps, conduct large-scale phishing campaigns, write malware, and even access sensitive data linked to a site’s AI implementation.

Sild posted on X that the combination of WordPress 7.0 with plugin vulnerabilities essentially creates “free AI tokens” for attackers. While WordPress co-founder Matt Mullenweg pushed back, insisting that the “vast majority” of sites are secure and that he has run some for over 20 years without a breach, the reality is that Automattic’s own WordPress.com servers suffered a security incident in 2011 that exposed data.

A newly reported bug in WordPress 7.0 proves the risk is immediate. The issue lies in the AI integration setup form, where a browser’s autofill feature displays the AI API key in plain text within the suggestion dropdown. According to the official WordPress GitHub report, this exposes credentials during screen sharing, on shared computers, or to anyone with access to an active browser session. The API key field should behave like a secure password field, but it does not.

Sild further elaborated in the Dynamic WordPress Facebook group that AI integrations are fundamentally changing the economics of website exploitation. He argued that software vulnerabilities are already the leading cause of breaches, and AI-connected sites are now far more attractive targets because they contain access to valuable AI services. He predicted a surge in threat actors specifically targeting WordPress for AI-related credentials.

Other developers in the discussion expanded the focus beyond individual bugs to broader architectural concerns. Andrei Lupu noted that once attackers gain database access, protecting secrets becomes nearly impossible. Steve Jones of Equalize Digital suggested WordPress may need a more granular permissions model to control which plugins can access sensitive services. Sild responded that a major architectural overhaul is likely required, as plugin vulnerabilities that expose database or admin privileges effectively compromise the entire site.

Brian Coords, a developer advocate at WooCommerce, explored whether API keys could be isolated without redesigning WordPress. He concluded that arbitrary PHP execution makes it extremely difficult because malicious code could still invoke API calls directly from the compromised site. He stated that even if keys could be hidden outside the environment, the ability to add PHP to a site means you could still include malicious code to make those calls.

The core problem is that WordPress’s plugin trust model was designed before websites contained monetizable AI credentials or direct access to third-party LLM services. This does not mean WordPress 7.0 is inherently insecure. As Mullenweg noted, properly maintained sites can remain secure. However, a recent Patchstack report shows that hackers are accelerating their attacks to exploit the window between a vulnerability’s discovery and a site owner applying an update.

The key takeaway for site owners is that many are unaware of how API keys work and that using them is not free. A site without sensitive data becomes a valuable target simply because it holds an AI key used for tasks like scaling meta descriptions or building the website itself. The theft of such a key can lead to thousands of dollars in unauthorized AI usage, making security awareness more critical than ever.