CVE-2025-7847

CVE-2025-7847 affects the WordPress AI Engine plugin versions 2.9.3–2.9.4. The issue is due to missing file type validation in the rest_simpleFileUpload() function, allowing authenticated attackers with Subscriber-level access (and above) to upload arbitrary files when REST API is enabled, potent...

WordPress plugin AI Engine 代码问题漏洞

WordPress AI Engine plugin is a WordPress plugin that integrates artificial intelligence features, providing chatbots, content generation, image generation and other features, supporting docking with OpenAI and other platforms. WordPress AI Engine plugin has a code execution vulnerability that...

PT-2025-31474 · WordPress · Ai Engine Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions 2.9.3 and 2.9.4 Description: The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest simpleFileUpload function. This allows authenticat...

CVE-2025-7780

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2025-7780 AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2025-7780 Ai Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2025-7780

CVE-2025-7780 (AI Engine WordPress Plugin) is a vulnerability affecting versions up to 2.9.4 where the simpleTranscribeAudio endpoint does not validate URL schemes before invoking get_audio(), allowing authenticated users with Subscriber-level access or higher to read arbitrary files on the web s...

PT-2025-30656 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions through 2.9.4 Description: The AI Engine plugin for WordPress is susceptible to sensitive information exposure. The simpleTranscribeAudio API endpoint does not properly restrict URL schemes before...

CVE-2025-5570

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5570

CVE-2025-5570 (AI Engine plugin for WordPress) is a stored Cross-Site Scripting vulnerability in versions up to 2.8.4, caused by insufficient input sanitization and output escaping in the mwai_chatbot shortcode with the parameter ‘id’. Exploitation requires authentication at Subscriber level or h...

CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2025-28323 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: The AI Engine plugin for WordPress versions up to, and including, 2.8.4 Description: The issue is related to Stored Cross-Site Scripting via the id parameter in the mwai chatbot shortcode. This is due to insufficient input sanitization and...

CVE-2025-6238

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

PT-2025-27847 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress version 2.8.4 Description: The issue is due to an insecure OAuth implementation, specifically the lack of validation for the redirect uri parameter during the authorization flow. This allows unauthenticated...

WordPress Code Engine plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Code Engine plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVE-2025-5071

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...

WordPress plugin Code Engine 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Code Engine plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

org.apache.linkis:linkis-engineplugin-seatunnel (>=1.4.0 <=1.8.0), org.apache.seatunnel:connector-console-seatunnel-e2e (>=2.3.0 <=2.3.10) +6 more potentially affected by CVE-2025-32896 via org.apache.seatunnel:seatunnel-engine-common (>=2.3.0-beta <=2.3.10)

org.apache.seatunnel:seatunnel-engine-common MAVEN version =2.3.0-beta, =1.4.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.10 Source cves: CVE-2025-32896 Source advisory: OSV:GHSA-9X53-GR7P-4QF5...

CVE-2025-5071

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...