CVE-2026-27407

CVE-2026-27407 concerns the WordPress AI Engine plugin, affected versions

CVE-2026-23802 WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through = 3.3.2...

📄 WordPress AI Engine: ChatGPT Chatbot 1.9.98 Shell Upload

This is a proof of concept that demonstrates the CVE-2023-51409 vulnerability in the WordPress AI Engine plugin in a controlled, safe, and non-destructive manner. It detects the plugin, tests unauthenticated access to the vulnerable endpoint, performs safe file uploads with non-executable content...

CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

📄 WordPress AI Engine 3.1.3 Remote Code Execution

This Metasploit module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin versions less than or equal to 3.1.3. The vulnerability allows an attacker to create an administrator account via the MCP Model Context Protocol endpoint without authentication. The module supports...

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

Exploit for CVE-2025-13380

AI Engine for WordPress: ChatGPT, GPT Content Generator true,...

EUVD-2025-197990

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

CVE-2025-8084

CVE-2025-8084 affects the WordPress AI Engine plugin. All versions up to and including 3.1.8 are vulnerable to Server-Side Request Forgery via the rest_helpers_create_images function. An authenticated attacker with Editor-level access or higher can cause the web application to issue requests to a...

EUVD-2025-158262

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...

EUVD-2025-28374

Malicious code in bioql PyPI...

WordPress AI Engine plugin code execution vulnerability

WordPress AI Engine plugin is a WordPress plugin that integrates artificial intelligence features, providing chatbots, content generation, image generation and other features, supporting docking with OpenAI and other platforms. WordPress AI Engine plugin has a code execution vulnerability that...

WordPress plugin AI Engine: ChatGPT Chatbot 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin AI Engine: ChatGPT A code...

Exploit for Unrestricted Upload of File with Dangerous Type in Meowapps Ai_Engine

CVE-2023-51409 AI Engine: ChatGPT Chatbot = 1.9.98 - Unaut...

WordPress plugin AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin AI Engine: Chatbots,...