Lucene search
K

211 matches found

NVD
NVD
added 2025/07/24 10:15 a.m.4 views

CVE-2025-7780

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

6.5CVSS0.00505EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/24 9:22 a.m.25 views

CVE-2025-7780 AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

6.5CVSS0.00505EPSS
Exploits0References5
CVE
CVE
added 2025/07/24 9:22 a.m.22 views

CVE-2025-7780

CVE-2025-7780 (AI Engine WordPress Plugin) is a vulnerability affecting versions up to 2.9.4 where the simpleTranscribeAudio endpoint does not validate URL schemes before invoking get_audio(), allowing authenticated users with Subscriber-level access or higher to read arbitrary files on the web s...

6.5CVSS6AI score0.00505EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/24 9:22 a.m.4 views

CVE-2025-7780 Ai Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

6.5CVSS6.2AI score0.00505EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/24 12:0 a.m.5 views

PT-2025-30656 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions through 2.9.4 Description: The AI Engine plugin for WordPress is susceptible to sensitive information exposure. The simpleTranscribeAudio API endpoint does not properly restrict URL schemes before...

6.5CVSS6AI score0.00505EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/24 12:0 a.m.6 views

WordPress plugin AI Engine 信息泄露漏洞

WordPress AI Engine is a plugin based on OpenAI technology, which is mainly used to integrate artificial intelligence features into WordPress websites to improve the efficiency of content generation, automated operations and so on. WordPress AI Engine suffers from an information disclosure...

6.5CVSS6.2AI score0.00505EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/07/23 9:28 p.m.9 views

WordPress Ai Engine plugin <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions vulnerability

Missing URL Scheme Validation to Authenticated Subscriber+ Arbitrary File Read via simpleTranscribeAudio and getaudio Functions vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions = 2.9.4...

6.5CVSS6.7AI score0.00505EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/10 2:27 a.m.9 views

CVE-2025-5570

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS6AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2025/07/08 3:15 a.m.6 views

CVE-2025-5570

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/08 1:43 a.m.11 views

CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS0.0017EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/08 1:43 a.m.4 views

CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.5AI score0.0017EPSS
Exploits0References2
CVE
CVE
added 2025/07/08 1:43 a.m.37 views

CVE-2025-5570

CVE-2025-5570 (AI Engine plugin for WordPress) is a stored Cross-Site Scripting vulnerability in versions up to 2.8.4, caused by insufficient input sanitization and output escaping in the mwai_chatbot shortcode with the parameter ‘id’. Exploitation requires authentication at Subscriber level or h...

5.4CVSS5.6AI score0.0017EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.5 views

PT-2025-28323 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: The AI Engine plugin for WordPress versions up to, and including, 2.8.4 Description: The issue is related to Stored Cross-Site Scripting via the id parameter in the mwai chatbot shortcode. This is due to insufficient input sanitization and...

5.4CVSS5.7AI score0.0017EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.4 views

WordPress plugin AI Engine 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

5.4CVSS5.8AI score0.0017EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/06 2:18 a.m.13 views

CVE-2025-6238

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

8CVSS6.6AI score0.00303EPSS
Exploits0References1
OSV
OSV
added 2025/07/04 3:15 a.m.7 views

CVE-2025-6238

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

8CVSS5.9AI score0.00303EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/04 1:44 a.m.33 views

CVE-2025-6238 AI Engine 2.8.4 - Insecure OAuth Implementation

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

8CVSS0.00303EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.4 views

WordPress plugin AI Engine 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...

8CVSS6.5AI score0.00303EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.6 views

PT-2025-27847 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress version 2.8.4 Description: The issue is due to an insecure OAuth implementation, specifically the lack of validation for the redirect uri parameter during the authorization flow. This allows unauthenticated...

8CVSS6.6AI score0.00303EPSS
Exploits0References12
Patchstack
Patchstack
added 2025/07/03 11:5 p.m.16 views

WordPress AI Engine plugin <= 2.8.4 - Insecure OAuth Implementation vulnerability

Insecure OAuth Implementation vulnerability discovered by István Márton - Wordfence in WordPress Plugin AI Engine versions = 2.8.4...

8CVSS6.8AI score0.00303EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder