Lucene search
+L

219 matches found

NVD
NVD
added 2026/04/08 9:16 a.m.4 views

CVE-2026-39506

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

4.3CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39506 WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.23 views

CVE-2026-39506 WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

4.3CVSS0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin AI Engine (Pro) 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.13 views

PT-2026-31135

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

5.9AI score0.00165EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/28 7:7 a.m.7 views

WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin AI Engine Pro versions 3.4.2...

4.3CVSS5.9AI score0.00165EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 7:55 a.m.10 views

CVE-2026-23802

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through = 3.3.2...

9.1CVSS5.8AI score0.00465EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.9 views

EUVD-2026-9598

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through = 3.3.2...

5.9AI score0.00465EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 6:16 a.m.14 views

CVE-2026-23802

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through = 3.3.2...

9.1CVSS0.00465EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.3 views

CVE-2026-23802 WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through = 3.3.2...

9.1CVSS5.8AI score0.00465EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.32 views

CVE-2026-23802 WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through = 3.3.2...

9.1CVSS0.00465EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/03/04 12:0 a.m.174 views

📄 WordPress AI Engine: ChatGPT Chatbot 1.9.98 Shell Upload

This is a proof of concept that demonstrates the CVE-2023-51409 vulnerability in the WordPress AI Engine plugin in a controlled, safe, and non-destructive manner. It detects the plugin, tests unauthenticated access to the vulnerable endpoint, performs safe file uploads with non-executable content...

10CVSS5.9AI score0.65046EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/03/04 12:0 a.m.125 views

📄 WordPress AI Engine 3.1.3 Add Admin / Shell Upload

The AI Engine WordPress plugin version 3.1.3 exposes an MCP JSON RPC endpoint allowing unauthenticated calls to administrative functions. An attacker can remotely create an administrator account then upload a malicious plugin or payload to obtain full remote code execution on the WordPress Server...

9.8CVSS6.6AI score0.75063EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/03/04 12:0 a.m.224 views

📄 WordPress AI Engine 3.0.0 Shell Upload

This Metasploit module exploits an unauthenticated file upload vulnerability in the WordPress AI Engine plugin versions prior to 3.0.0. The plugin's REST API endpoint /wp-json/mwai-ui/v1/files/upload fails to properly validate authentication, allowing attackers to upload arbitrary files including...

10CVSS6.6AI score0.65046EPSS
Exploits4
Patchstack
Patchstack
added 2026/02/25 8:20 a.m.8 views

WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 in WordPress Plugin AI Engine versions = 3.3.2...

9.1CVSS5.9AI score0.00465EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/28 9:17 p.m.8 views

CVE-2026-0746

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

6.4CVSS5.9AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 8:26 a.m.18 views

CVE-2026-1400

CVE-2026-1400 – AI Engine (WordPress) Arbitrary File Upload Summary: The AI Engine – The Chatbot and AI Framework for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation in rest_helpers_update_media_metadata. Affected versions are up to 3.3.2. What’s vulne...

7.2CVSS6.5AI score0.00667EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/28 6:44 a.m.13 views

WordPress AI Engine plugin <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by type5afe in WordPress Plugin AI Engine versions = 3.3.2...

6.4CVSS5.9AI score0.00181EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.23 views

WordPress Plugin AI Engine – The Chatbot and AI Framework for WordPress Code Issues and Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

7.2CVSS6AI score0.00667EPSS
Exploits0References5
NVD
NVD
added 2026/01/27 7:16 p.m.10 views

CVE-2026-0746

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

6.4CVSS0.00181EPSS
Exploits0References3
Rows per page
Query Builder