Lucene search
+L

219 matches found

Nuclei
Nuclei
added 3 days ago117 views

Jordy Meow AI Engine - Unrestricted File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine- ChatGPT Chatbot.This issue affects AI Engine- ChatGPT Chatbot- from n/a through 1.9.98. id: CVE-2023-51409 info: name: Jordy Meow AI Engine - Unrestricted File Upload author: pussycat0x severity: critical...

10CVSS7AI score0.65046EPSS
Exploits4References4
Nuclei
Nuclei
added 3 days ago26 views

WordPress AI Engine Plugin - Token Exposure

Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...

9.8CVSS7AI score0.75063EPSS
Exploits5References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44874

The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions...

5.9CVSS6.1AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-12510 AI Engine < 3.5.5 - Subscriber+Chatbot Discussion Disclosure and Takeover via IDOR

The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions...

0.00145EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-12510

The CVE concerns the AI Engine WordPress plugin prior to version 3.5.5. It does not verify ownership of a chatbot conversation when a client-supplied identifier is used, enabling users with subscriber-level access to read other users’ private conversations and take over their conversation records...

5.9CVSS6.1AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-12511

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS0.00304EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-12511 AI Engine < 3.5.5 - Editor+ Arbitrary File Write via Path Traversal

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

0.00304EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-12511

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS6.2AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-43626

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS6.2AI score0.00304EPSS
Exploits0References1
CVE
CVE
added 5 days ago13 views

CVE-2026-12511

The CVE-2026-12511 issue affects the AI Engine WordPress plugin prior to version 3.5.5, where a user-supplied filename is not sanitized before using it to write a downloaded file. This enables authenticated users with editor-level access to perform path traversal and write attacker-controlled byt...

8.1CVSS6.2AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36916

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

7.2CVSS5.2AI score0.00393EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.12 views

CVE-2026-27407

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

7.2CVSS0.00393EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.32 views

CVE-2026-27407

CVE-2026-27407 concerns the WordPress AI Engine plugin, affected versions

7.2CVSS5.2AI score0.00393EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/28 8:57 a.m.14 views

WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin AI Engine versions = 3.4.9...

7.2CVSS5.8AI score0.00393EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.13 views

CVE-2026-8719

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/18 3:18 a.m.16 views

WordPress AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin 3.4.9-3.4.9 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AI Engine versions 3.4.9-3.4.9...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/17 2:27 a.m.23 views

EUVD-2026-30678

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.22 views

PT-2026-41513

Name of the Vulnerable Software and Affected Versions The AI Engine – The Chatbot, AI Framework & MCP for WordPress version 3.4.9 Description Missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path allows authenticated users with Subscriber privileges or higher t...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

WordPress plugin AI Engine 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.3 views

CVE-2026-39506

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
Rows per page
Query Builder