22 matches found
EUVD-2024-51555
Malicious code in bioql PyPI...
EUVD-2024-51554
Malicious code in bioql PyPI...
EUVD-2025-1662
Malicious code in bioql PyPI...
CVE-2024-13361
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-13360
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicgtroubleshootaddvector. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...
CVE-2025-0429
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2025-0429
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2024-13361
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2025-0428
The CVE refers to WordPress plugin AI Power: Complete AI Pack (up to version 1.8.96). It is vulnerable to PHP Object Injection via deserialization of untrusted data in $form['post_content'] through wpaicg_export_prompts, exploitable by authenticated admins. There is no POP chain in the plugin its...
CVE-2025-0428 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...
CVE-2025-0428 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...
CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2025-0429
CVE-2025-0429 affects the WordPress plugin AI Power: Complete AI Pack up to version 1.8.96 . The issue is a PHP Object Injection via deserialization of untrusted input from the form field $form['post_content'] inside the function wpaicg_export_ai_forms(). Exploitation requires an authenticated at...
CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2024-13360
CVE-2024-13360 affects the WordPress plugin AI Power: Complete AI Pack (≤ 1.8.96). It is vulnerable to Server-Side Request Forgery via the wpaicg_troubleshoot_add_vector() function, allowing authenticated users with subscriber-level or higher privileges to make web requests from the WordPress ins...
CVE-2024-13360 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicgtroubleshootaddvector. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...
CVE-2024-13361 AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-13361
CVE-2024-13361 involves the WordPress plugin “AI Power: Complete AI Pack.” The vulnerability arises from a missing capability check in wpaicg_save_image_media across versions up to 1.8.96, enabling authenticated attackers with Subscriber+ access to upload image files and embed shortcode attribute...
WordPress plugin AI Power 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...