6 matches found
CVE-2025-0429
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2025-0429
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2025-0428
The CVE refers to WordPress plugin AI Power: Complete AI Pack (up to version 1.8.96). It is vulnerable to PHP Object Injection via deserialization of untrusted data in $form['post_content'] through wpaicg_export_prompts, exploitable by authenticated admins. There is no POP chain in the plugin its...
CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2024-13360 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicgtroubleshootaddvector. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...