211 matches found
CVE-2025-13380
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...
CVE-2025-13380
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...
CVE-2025-13380
The CVE-2025-13380 entry affects the WordPress plugin AI Engine for WordPress: ChatGPT, GPT Content Generator, vulnerable in all versions up to 1.0.1. Root cause is insufficient validation of user-supplied file paths in the lqdai_update_post AJAX endpoint and use of file_get_contents() with user-...
CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...
CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...
WordPress AI Engine for WordPress: ChatGPT, GPT Content Generator plugin <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read vulnerability
Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Ryan Kozak in WordPress Plugin AI Engine for WordPress: ChatGPT, GPT Content Generator versions = 1.0.1...
Exploit for CVE-2025-13380
AI Engine for WordPress: ChatGPT, GPT Content Generator true,...
WordPress AI Engine plugin server-side request forgery vulnerability
WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, MicrosoftAzure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...
CVE-2025-8084
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...
EUVD-2025-197990
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...
CVE-2025-8084
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...
CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...
CVE-2025-8084
CVE-2025-8084 affects the WordPress AI Engine plugin. All versions up to and including 3.1.8 are vulnerable to Server-Side Request Forgery via the rest_helpers_create_images function. An authenticated attacker with Editor-level access or higher can cause the web application to issue requests to a...
CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...
PT-2025-47305
Name of the Vulnerable Software and Affected Versions AI Engine plugin for WordPress versions through 3.1.8 Description The AI Engine plugin for WordPress is susceptible to Server-Side Request Forgery SSRF in all versions up to and including 3.1.8. This issue is present in the rest helpers create...
WordPress plugin AI Engine 代码问题漏洞
WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, MicrosoftAzure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...
CVE-2025-12844
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...
CVE-2025-12844
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...
EUVD-2025-158262
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...
CVE-2025-12844 AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...