WordPress AI Puffer – Chat. Create. Automate. (formerly AI Power) plugin <= 1.8.99 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin GPT3 AI Content Writer versions = 1.8.99...

EUVD-2023-56240

Malicious code in bioql PyPI...

EUVD-2024-51555

Malicious code in bioql PyPI...

EUVD-2024-51554

Malicious code in bioql PyPI...

EUVD-2023-56239

Malicious code in bioql PyPI...

EUVD-2025-1662

Malicious code in bioql PyPI...

CVE-2024-13361

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVE-2024-13360

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicgtroubleshootaddvector. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

CVE-2023-51527

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2...

CVE-2023-51528

Cross-Site Request Forgery CSRF vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12...

CVE-2025-0429

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...

CVE-2025-0428

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...

CVE-2025-0429

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...

CVE-2024-13361

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVE-2025-0428 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...

CVE-2025-0428 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...

CVE-2025-0428

The CVE refers to WordPress plugin AI Power: Complete AI Pack (up to version 1.8.96). It is vulnerable to PHP Object Injection via deserialization of untrusted data in $form['post_content'] through wpaicg_export_prompts, exploitable by authenticated admins. There is no POP chain in the plugin its...

CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...

CVE-2025-0429

CVE-2025-0429 affects the WordPress plugin AI Power: Complete AI Pack up to version 1.8.96 . The issue is a PHP Object Injection via deserialization of untrusted input from the form field $form['post_content'] inside the function wpaicg_export_ai_forms(). Exploitation requires an authenticated at...

CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...