Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/02/06 2:13 a.m.16 views

CVE-2025-0429

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...

7.2CVSS9.6AI score0.00642EPSS
Exploits0References1
nvd
nvd
added 2025/01/22 8:15 a.m.36 views

CVE-2025-0429

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...

7.2CVSS0.00642EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/01/22 7:29 a.m.18 views

CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...

7.2CVSS7.2AI score0.00642EPSS
Exploits0References2
cve
cve
added 2025/01/22 7:29 a.m.76 views

CVE-2025-0428

The CVE refers to WordPress plugin AI Power: Complete AI Pack (up to version 1.8.96). It is vulnerable to PHP Object Injection via deserialization of untrusted data in $form['post_content'] through wpaicg_export_prompts, exploitable by authenticated admins. There is no POP chain in the plugin its...

7.2CVSS7.2AI score0.00642EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2025/01/22 7:29 a.m.48 views

CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...

7.2CVSS0.00642EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/01/22 7:29 a.m.13 views

CVE-2024-13360 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicgtroubleshootaddvector. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

5.4CVSS6.6AI score0.00233EPSS
Exploits0References2
Rows per page
Query Builder