Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | Exploit for CVE-2025-13597 | 25 Nov 202517:43 | – | githubexploit |
 | CVE-2025-13597 | 25 Nov 202521:00 | – | circl |
 | WordPress plugin AI Feeds 代码问题漏洞 | 25 Nov 202500:00 | – | cnnvd |
 | WordPress AI Feeds plugin arbitrary file upload vulnerability | 27 Nov 202500:00 | – | cnvd |
 | CVE-2025-13597 AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload | 25 Nov 202522:28 | – | cvelist |
 | EUVD-2025-199660 | 26 Nov 202500:30 | – | euvd |
 | CVE-2025-13597 | 25 Nov 202523:15 | – | nvd |
 | 📄 AI Plugins 1.10.9 Shell Upload | 3 Dec 202500:00 | – | packetstorm |
| 📄 WordPress AI Feeds 1.0.11 Shell Upload | 4 Mar 202600:00 | – | packetstorm |
 | WordPress AI Feeds plugin <= 1.0.11 - Unauthenticated Arbitrary File Upload vulnerability | 26 Nov 202506:48 | – | patchstack |
10
Node
[
{
"vendor": "soportecibeles",
"product": "AI Feeds",
"versions": [
{
"version": "0",
"status": "affected",
"lessThanOrEqual": "1.0.11",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| owner | query param | /wp-content/plugins/ai-feeds/actualizador_git.php | Unauthenticated GitHub-based file fetch/upload vulnerability leading to RCE (CVE-2025-13597) via actualizador_git.php | CWE-434 |
| repo | query param | /wp-content/plugins/ai-feeds/actualizador_git.php | Unauthenticated GitHub-based file fetch/upload vulnerability leading to RCE (CVE-2025-13597) via actualizador_git.php | CWE-434 |
| ref | query param | /wp-content/plugins/ai-feeds/actualizador_git.php | Unauthenticated GitHub-based file fetch/upload vulnerability leading to RCE (CVE-2025-13597) via actualizador_git.php | CWE-434 |
| token | query param | /wp-content/plugins/ai-feeds/actualizador_git.php | Unauthenticated GitHub-based file fetch/upload vulnerability leading to RCE (CVE-2025-13597) via actualizador_git.php | CWE-434 |
| cmd | query param | /wp-content/plugins/ai-feeds/shell.php | Web shell endpoint accessible after exploitation (allows executing commands via cmd parameter) | CWE-434 |
| action | query param | /wp-content/plugins/ai-feeds/advanced_shell.php | Advanced web shell endpoint with multiple actions exposed via GET params | CWE-434 |
| cmd | query param | /wp-content/plugins/ai-feeds/advanced_shell.php | Advanced web shell endpoint with multiple actions exposed via GET params | CWE-434 |
| dir | query param | /wp-content/plugins/ai-feeds/advanced_shell.php | Advanced web shell endpoint with multiple actions exposed via GET params | CWE-434 |
| file | query param | /wp-content/plugins/ai-feeds/advanced_shell.php | Advanced web shell endpoint with multiple actions exposed via GET params | CWE-434 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 08:34Current
6.9Medium risk
Vulners AI Score6.9
CVSS 3.19.8
EPSS0.00823
SSVC