Lucene search
K

5 matches found

Packet Storm
Packet Storm
added 2026/03/04 12:0 a.m.143 views

📄 WordPress Cibeles AI 1.10.8 Shell Upload

An unauthenticated arbitrary file upload vulnerability exists in the Cibeles AI plugin for WordPress versions 1.10.8 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration functionality, leading to...

9.8CVSS6.7AI score0.00856EPSS
Exploits3
NVD
NVD
added 2025/11/25 11:15 p.m.11 views

CVE-2025-13595

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

9.8CVSS0.00856EPSS
Exploits3References5
CVE
CVE
added 2025/11/25 10:28 p.m.44 views

CVE-2025-13597

CVE-2025-13597 affects the WordPress AI Feeds plugin up to version 1.0.11. The flaw is an unauthenticated arbitrary file upload due to a missing capability check in the actualizador_git.php module, enabling attackers to download GitHub repositories and overwrite plugin files on the server, with r...

9.8CVSS6.9AI score0.00856EPSS
Exploits3References5
Cvelist
Cvelist
added 2025/11/25 10:28 p.m.15 views

CVE-2025-13595 CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

9.8CVSS0.00856EPSS
Exploits3References5
GithubExploit
GithubExploit
added 2025/11/25 5:40 p.m.157 views

Exploit for CVE-2025-13595

CIBELES AI extractTo$extractDir; $rootInsideZip = $extrac...

7AI score0.00856EPSS
Exploits3
Rows per page
Query Builder