Vulners
Lucene search
CVE-2025-23968
🗓️ 03 Jul 2025 18:49:18Reported by PatchstackType 
cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 22 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | Exploit for CVE-2025-23968 | 3 Jul 202519:34 | – | githubexploit |
 | CVE-2025-23968 | 3 Jul 202521:40 | – | circl |
 | WordPress plugin AiBud WP 代码问题漏洞 | 3 Jul 202500:00 | – | cnnvd |
 | CVE-2025-23968 WordPress AiBud WP plugin <= 1.9 - Arbitrary File Upload vulnerability | 3 Jul 202518:49 | – | cvelist |
 | EUVD-2025-19896 | 3 Oct 202520:07 | – | euvd |
 | CVE-2025-23968 | 3 Jul 202519:15 | – | nvd |
 | 📄 AI Plugins 1.10.9 Shell Upload | 3 Dec 202500:00 | – | packetstorm |
| 📄 WordPress AI Buddy 1.8.5 Shell Upload | 5 Dec 202500:00 | – | packetstorm |
| 📄 WordPress AI Buddy 1.8.5 Shell Upload | 4 Mar 202600:00 | – | packetstorm |
| 📄 WordPress AI Bud 1.8.5 Shell Upload | 4 Mar 202600:00 | – | packetstorm |
10
Node
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "aibuddy-openai-chatgpt",
"product": "AiBud WP",
"vendor": "WebFactory",
"versions": [
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| log | request body | /wp-login.php | Unauthenticated credential access potentially leading to session establishment for further exploitation. | CWE-434 |
| pwd | request body | /wp-login.php | Unauthenticated credential access potentially leading to session establishment for further exploitation. | CWE-434 |
| wp-submit | request body | /wp-login.php | Unauthenticated credential access potentially leading to session establishment for further exploitation. | CWE-434 |
| redirect_to | request body | /wp-login.php | Unauthenticated credential access potentially leading to session establishment for further exploitation. | CWE-434 |
| testcookie | request body | /wp-login.php | Unauthenticated credential access potentially leading to session establishment for further exploitation. | CWE-434 |
| title | request body | /wp-json/ai-buddy/v1/wp/attachments | AI Buddy attachment creation endpoint used to upload a web shell via crafted payload. | CWE-434 |
| caption | request body | /wp-json/ai-buddy/v1/wp/attachments | AI Buddy attachment creation endpoint used to upload a web shell via crafted payload. | CWE-434 |
| alt | request body | /wp-json/ai-buddy/v1/wp/attachments | AI Buddy attachment creation endpoint used to upload a web shell via crafted payload. | CWE-434 |
| description | request body | /wp-json/ai-buddy/v1/wp/attachments | AI Buddy attachment creation endpoint used to upload a web shell via crafted payload. | CWE-434 |
| url | request body | /wp-json/ai-buddy/v1/wp/attachments | AI Buddy attachment creation endpoint used to upload a web shell via crafted payload. | CWE-434 |
10
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Apr 2026 16:11Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.19.1
EPSS0.00469
SSVC