Lucene search
K

216 matches found

NVD
NVD
added 15 hours ago6 views

CVE-2026-12511

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 15 hours ago3 views

CVE-2026-12511

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 15 hours ago11 views

CVE-2026-12511 AI Engine < 3.5.5 - Editor+ Arbitrary File Write via Path Traversal

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

Exploits0References1
CVE
CVE
added 15 hours ago11 views

CVE-2026-12511

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 15 hours ago5 views

EUVD-2026-43626

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS6.2AI score
Exploits0References1
Nuclei
Nuclei
added yesterday116 views

Jordy Meow AI Engine - Unrestricted File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine- ChatGPT Chatbot.This issue affects AI Engine- ChatGPT Chatbot- from n/a through 1.9.98. id: CVE-2023-51409 info: name: Jordy Meow AI Engine - Unrestricted File Upload author: pussycat0x severity: critical...

10CVSS7AI score0.65046EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday25 views

WordPress AI Engine Plugin - Token Exposure

Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...

9.8CVSS7AI score0.75063EPSS
Exploits5References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36916

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

7.2CVSS5.2AI score0.00393EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-27407

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

7.2CVSS0.00393EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.29 views

CVE-2026-27407

CVE-2026-27407 concerns the WordPress AI Engine plugin, affected versions

7.2CVSS5.2AI score0.00393EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/28 8:57 a.m.14 views

WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin AI Engine versions = 3.4.9...

7.2CVSS5.8AI score0.00393EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.13 views

CVE-2026-8719

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/18 3:18 a.m.16 views

WordPress AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin 3.4.9-3.4.9 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AI Engine versions 3.4.9-3.4.9...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/17 2:27 a.m.23 views

EUVD-2026-30678

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

WordPress plugin AI Engine 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.22 views

PT-2026-41513

Name of the Vulnerable Software and Affected Versions The AI Engine – The Chatbot, AI Framework & MCP for WordPress version 3.4.9 Description Missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path allows authenticated users with Subscriber privileges or higher t...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.3 views

CVE-2026-39506

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:16 a.m.4 views

CVE-2026-39506

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

4.3CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39506 WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.22 views

CVE-2026-39506 WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

4.3CVSS0.00165EPSS
Exploits0References1
Rows per page
Query Builder