📄 WordPress Cibeles AI 1.10.8 Shell Upload

An unauthenticated arbitrary file upload vulnerability exists in the Cibeles AI plugin for WordPress versions 1.10.8 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration functionality, leading to...

📄 AI Plugins 1.10.9 Shell Upload

This Metasploit module exploits unauthenticated arbitrary file upload vulnerabilities in multiple WordPress AI plugins including Cibeles AI, AI Feeds, and AI Buddy. The vulnerabilities allow attackers to upload PHP webshells via GitHub integration functionality...

WordPress CIBELES AI plugin Arbitrary File Upload Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress CIBELES AI plugin suffers from an arbitrary file upload vulnerability that stems from the application's lack of effective validation of uploaded files. The...

CVE-2025-13595

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

WordPress CIBELES AI plugin <= 1.10.8 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin CIBELES AI versions = 1.10.8...

EUVD-2025-199661

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

CVE-2025-13595 CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

CVE-2025-13595 CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

CVE-2025-13595

CIBELES AI WordPress plugin vulnerability (CVE-2025-13595) arises from a missing capability check in actualizador_git.php, affecting all versions up to 1.10.8. Unauthenticated attackers can perform arbitrary file uploads, enabling retrieval of GitHub repos and overwriting plugin files on the serv...

WordPress plugin CIBELES AI 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress CIBELES AI plugin suffers from an arbitrary file upload vulnerability that stems from the application's lack of effective validation of uploaded files. The...

PT-2025-48093

Name of the Vulnerable Software and Affected Versions CIBELES AI plugin for WordPress versions through 1.10.8 Description The CIBELES AI plugin for WordPress has a flaw that allows unauthorized file uploads. This is due to a missing check for appropriate permissions within the actualizador git.ph...