WP Travel Engine <= 5.7.9 - SQL Injection

WP Travel Engine 5.7.9 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2024-30502 info: name: WP Travel Engine = 5.7.9 - SQL Injection...

WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin AI Engine versions = 3.4.9...

CVE-2026-2437 WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

WordPress WP Travel Engine - Travel and Tour Booking Plugin plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode vulnerability

WordPress WP Travel Engine - Travel and Tour Booking Plugin plugin = 6.7.5 - Authenticated Contributor+ Stored Cross-Site Scripting via wtetriptax Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Travel Engine versions = 6.7.5...

PT-2026-30314

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte trip tax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

WordPress plugin WP Travel Engine – Tour Booking Plugin – Tour Operator Software 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-23802 WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through = 3.3.2...

CVE-2026-0746

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

EUVD-2026-4890

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...

WordPress AI Engine plugin <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by type5afe in WordPress Plugin AI Engine versions = 3.3.2...

CVE-2026-0746

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVE-2026-0746

CVE-2026-0746 : The WordPress AI Engine plugin (

CVE-2023-49652

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...

Arbitrary Code Execution

Jenkins Templating Engine Plugin is vulnerable to Arbitrary Code Execution. The vulnerability is due to libraries defined in folders not being subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the Jenkins controller JVM...

WordPress AI Engine Plugin MCP Unauthenticated Admin Creation to RCE

This module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin versions use exploit/multi/http/wpaienginemcprce msf exploitwpaienginemcprce show targets ...targets... msf exploitwpaienginemcprce set TARGET msf exploitwpaienginemcprce show options ...show and set options...

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

WordPress AI Engine plugin server-side request forgery vulnerability

WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, MicrosoftAzure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...

CVE-2025-8084

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

CVE-2025-8084

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

CVE-2025-12844

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...