Lucene search
K

211 matches found

RedhatCVE
RedhatCVE
added 2025/11/26 7:58 a.m.20 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS5.9AI score0.00461EPSS
Exploits1References1
NVD
NVD
added 2025/11/25 8:15 a.m.18 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS0.00461EPSS
Exploits1References6
CVE
CVE
added 2025/11/25 7:28 a.m.29 views

CVE-2025-13380

The CVE-2025-13380 entry affects the WordPress plugin AI Engine for WordPress: ChatGPT, GPT Content Generator, vulnerable in all versions up to 1.0.1. Root cause is insufficient validation of user-supplied file paths in the lqdai_update_post AJAX endpoint and use of file_get_contents() with user-...

6.5CVSS5.5AI score0.00461EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.20 views

CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS0.00461EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.11 views

CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS5.4AI score0.00461EPSS
Exploits1References6
Patchstack
Patchstack
added 2025/11/25 7:21 a.m.11 views

WordPress AI Engine for WordPress: ChatGPT, GPT Content Generator plugin <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read vulnerability

Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Ryan Kozak in WordPress Plugin AI Engine for WordPress: ChatGPT, GPT Content Generator versions = 1.0.1...

6.5CVSS7AI score0.00461EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2025/11/20 2:17 a.m.156 views

Exploit for CVE-2025-13380

AI Engine for WordPress: ChatGPT, GPT Content Generator true,...

6.5CVSS6.5AI score0.00461EPSS
Exploits1
CNVD
CNVD
added 2025/11/20 12:0 a.m.4 views

WordPress AI Engine plugin server-side request forgery vulnerability

WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, MicrosoftAzure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...

6.8CVSS6.7AI score0.00376EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 1:22 p.m.8 views

CVE-2025-8084

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS5.7AI score0.00376EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 3:30 p.m.6 views

EUVD-2025-197990

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS5.3AI score0.00376EPSS
Exploits0References4
NVD
NVD
added 2025/11/18 3:16 p.m.7 views

CVE-2025-8084

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS0.00376EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/18 12:29 p.m.3 views

CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS5.4AI score0.00376EPSS
Exploits0References3
CVE
CVE
added 2025/11/18 12:29 p.m.20 views

CVE-2025-8084

CVE-2025-8084 affects the WordPress AI Engine plugin. All versions up to and including 3.1.8 are vulnerable to Server-Side Request Forgery via the rest_helpers_create_images function. An authenticated attacker with Editor-level access or higher can cause the web application to issue requests to a...

6.8CVSS5.4AI score0.00376EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 12:29 p.m.11 views

CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS0.00376EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.5 views

PT-2025-47305

Name of the Vulnerable Software and Affected Versions AI Engine plugin for WordPress versions through 3.1.8 Description The AI Engine plugin for WordPress is susceptible to Server-Side Request Forgery SSRF in all versions up to and including 3.1.8. This issue is present in the rest helpers create...

6.8CVSS5.9AI score0.00376EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.6 views

WordPress plugin AI Engine 代码问题漏洞

WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, MicrosoftAzure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...

6.8CVSS6.3AI score0.00376EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/14 8:10 a.m.7 views

CVE-2025-12844

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...

7.1CVSS7AI score0.00411EPSS
Exploits0References1
NVD
NVD
added 2025/11/13 8:15 a.m.5 views

CVE-2025-12844

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...

7.1CVSS0.00411EPSS
Exploits0References6
EUVD
EUVD
added 2025/11/13 7:27 a.m.8 views

EUVD-2025-158262

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...

7.1CVSS6.5AI score0.00411EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/11/13 7:27 a.m.6 views

CVE-2025-12844 AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...

7.1CVSS6.6AI score0.00411EPSS
Exploits0References6
Rows per page
Query Builder