3 matches found
CVE-2025-12844
creationtimestamp| type| source ---|---|--- 2025-11-13 09:03:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5isogjqt62w...
CVE-2025-12844 AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...
CVE-2025-12844
CVE-2025-12844 affects the WordPress plugin AI Engine (versions up to and including 3.1.8). It describes a PHP Object Injection via PHAR Deserialization in rest_simpleTranscribeAudio and rest_simpleVisionQuery. Impact is limited unless a PHP Object Injection (POP) chain exists in another plugin/t...