Lucene search
+L

219 matches found

EUVD
EUVD
added 2026/01/27 6:27 p.m.6 views

EUVD-2026-4785

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

6.4CVSS5.9AI score0.00181EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/27 6:27 p.m.5 views

CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

6.4CVSS5.9AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/27 6:27 p.m.23 views

CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

6.4CVSS0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/01/27 6:27 p.m.18 views

CVE-2026-0746

CVE-2026-0746 : The WordPress AI Engine plugin (

6.4CVSS5.9AI score0.00181EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.11 views

WordPress Plugin AI Engine code vulnerability

WordPress Plugin AI Engine is a plugin developed by the WordPress Foundation. It can be used to build intelligent chatbots, create AI forms, and automate tasks. Versions of WordPress Plugin AI Engine prior to 3.3.2 have code vulnerabilities due to a server-side request forgeing issue in the...

6.4CVSS5.9AI score0.00181EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/01/22 5:21 p.m.177 views

Exploit for Unrestricted Upload of File with Dangerous Type in Meowapps Ai_Engine

CVE-2023-51409 / 0-Click RCE Exploit - Author: Joshua Provost...

10CVSS6.1AI score0.65046EPSS
Exploits4
Metasploit
Metasploit
added 2025/12/04 6:55 p.m.517 views

WordPress AI Engine Plugin MCP Unauthenticated Admin Creation to RCE

This module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin versions use exploit/multi/http/wpaienginemcprce msf exploitwpaienginemcprce show targets ...targets... msf exploitwpaienginemcprce set TARGET msf exploitwpaienginemcprce show options ...show and set options...

9.8CVSS8.1AI score0.75063EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/12/04 12:0 a.m.197 views

📄 WordPress AI Engine 3.1.3 Remote Code Execution

This Metasploit module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin versions less than or equal to 3.1.3. The vulnerability allows an attacker to create an administrator account via the MCP Model Context Protocol endpoint without authentication. The module supports...

9.8CVSS8.2AI score0.75063EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/11/26 7:58 a.m.21 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS5.9AI score0.00471EPSS
Exploits1References1
NVD
NVD
added 2025/11/25 8:15 a.m.20 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS0.00471EPSS
Exploits1References6
CVE
CVE
added 2025/11/25 7:28 a.m.30 views

CVE-2025-13380

The CVE-2025-13380 entry affects the WordPress plugin AI Engine for WordPress: ChatGPT, GPT Content Generator, vulnerable in all versions up to 1.0.1. Root cause is insufficient validation of user-supplied file paths in the lqdai_update_post AJAX endpoint and use of file_get_contents() with user-...

6.5CVSS5.5AI score0.00471EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.11 views

CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS5.4AI score0.00471EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.22 views

CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS0.00471EPSS
Exploits1References6
Patchstack
Patchstack
added 2025/11/25 7:21 a.m.13 views

WordPress AI Engine for WordPress: ChatGPT, GPT Content Generator plugin <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read vulnerability

Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Ryan Kozak in WordPress Plugin AI Engine for WordPress: ChatGPT, GPT Content Generator versions = 1.0.1...

6.5CVSS7AI score0.00471EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2025/11/20 2:17 a.m.163 views

Exploit for CVE-2025-13380

AI Engine for WordPress: ChatGPT, GPT Content Generator true,...

6.5CVSS6.5AI score0.00471EPSS
Exploits1
CNVD
CNVD
added 2025/11/20 12:0 a.m.7 views

WordPress AI Engine plugin server-side request forgery vulnerability

WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, MicrosoftAzure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...

6.8CVSS6.7AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 1:22 p.m.9 views

CVE-2025-8084

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS5.7AI score0.00411EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 3:30 p.m.6 views

EUVD-2025-197990

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS5.3AI score0.00411EPSS
Exploits0References4
NVD
NVD
added 2025/11/18 3:16 p.m.7 views

CVE-2025-8084

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS0.00411EPSS
Exploits0References3
CVE
CVE
added 2025/11/18 12:29 p.m.21 views

CVE-2025-8084

CVE-2025-8084 affects the WordPress AI Engine plugin. All versions up to and including 3.1.8 are vulnerable to Server-Side Request Forgery via the rest_helpers_create_images function. An authenticated attacker with Editor-level access or higher can cause the web application to issue requests to a...

6.8CVSS5.4AI score0.00411EPSS
Exploits0References3
Rows per page
Query Builder