Lucene search
+L

58 matches found

Wordfence Blog
Wordfence Blog
added 2025/11/04 6:13 p.m.16 views

100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in AI Engine WordPress Plugin

On October 4th, 2025, we received a submission for a Sensitive Information Exposure vulnerability in AI Engine, a WordPress plugin with more than 100,000 active installations. This vulnerability can be exploited by unauthenticated attackers to extract the bearer token and then get full access to...

9.8CVSS7.7AI score0.75063EPSS
Exploits5
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2024-16174

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.0061EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-20373

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-22507

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00505EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/05 9:31 p.m.5 views

CVE-2025-8268

The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the restlist and deletefiles functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded ...

6.5CVSS5.5AI score0.00252EPSS
Exploits0References1
NVD
NVD
added 2025/09/03 9:15 p.m.9 views

CVE-2025-8268

The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the restlist and deletefiles functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded ...

6.5CVSS0.00252EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.5 views

WordPress plugin AI Engine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.5CVSS6.4AI score0.00252EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.11 views

CVE-2025-7847

The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the restsimpleFileUpload function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on...

8.8CVSS7.2AI score0.01057EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/07/31 4:26 a.m.8 views

CVE-2025-7847 AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the restsimpleFileUpload function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on...

8.8CVSS7.6AI score0.01057EPSS
Exploits2References5
CVE
CVE
added 2025/07/31 4:26 a.m.42 views

CVE-2025-7847

CVE-2025-7847 affects the WordPress AI Engine plugin versions 2.9.3–2.9.4. The issue is due to missing file type validation in the rest_simpleFileUpload() function, allowing authenticated attackers with Subscriber-level access (and above) to upload arbitrary files when REST API is enabled, potent...

8.8CVSS8AI score0.01057EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.24 views

PT-2025-31474 · WordPress · Ai Engine Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions 2.9.3 and 2.9.4 Description: The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest simpleFileUpload function. This allows authenticat...

8.8CVSS6.9AI score0.01057EPSS
Exploits2References14
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.9 views

WordPress plugin AI Engine 代码问题漏洞

WordPress AI Engine plugin is a WordPress plugin that integrates artificial intelligence features, providing chatbots, content generation, image generation and other features, supporting docking with OpenAI and other platforms. WordPress AI Engine plugin has a code execution vulnerability that...

8.8CVSS8.4AI score0.01057EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/07/26 9:35 a.m.19 views

CVE-2025-7780

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

6.5CVSS6.8AI score0.00505EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/24 9:22 a.m.4 views

CVE-2025-7780 Ai Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

6.5CVSS6.2AI score0.00505EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/24 9:22 a.m.28 views

CVE-2025-7780 AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

6.5CVSS0.00505EPSS
Exploits0References5
CVE
CVE
added 2025/07/24 9:22 a.m.24 views

CVE-2025-7780

CVE-2025-7780 (AI Engine WordPress Plugin) is a vulnerability affecting versions up to 2.9.4 where the simpleTranscribeAudio endpoint does not validate URL schemes before invoking get_audio(), allowing authenticated users with Subscriber-level access or higher to read arbitrary files on the web s...

6.5CVSS6AI score0.00505EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/24 12:0 a.m.6 views

PT-2025-30656 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions through 2.9.4 Description: The AI Engine plugin for WordPress is susceptible to sensitive information exposure. The simpleTranscribeAudio API endpoint does not properly restrict URL schemes before...

6.5CVSS6AI score0.00505EPSS
Exploits0References2
OSV
OSV
added 2025/07/08 3:15 a.m.10 views

CVE-2025-5570

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.0017EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/08 1:43 a.m.5 views

CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.5AI score0.0017EPSS
Exploits0References2
CVE
CVE
added 2025/07/08 1:43 a.m.38 views

CVE-2025-5570

CVE-2025-5570 (AI Engine plugin for WordPress) is a stored Cross-Site Scripting vulnerability in versions up to 2.8.4, caused by insufficient input sanitization and output escaping in the mwai_chatbot shortcode with the parameter ‘id’. Exploitation requires authentication at Subscriber level or h...

5.4CVSS5.6AI score0.0017EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder