211 matches found
CVE-2025-7780
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-7780 AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-7780
CVE-2025-7780 (AI Engine WordPress Plugin) is a vulnerability affecting versions up to 2.9.4 where the simpleTranscribeAudio endpoint does not validate URL schemes before invoking get_audio(), allowing authenticated users with Subscriber-level access or higher to read arbitrary files on the web s...
CVE-2025-7780 Ai Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...
PT-2025-30656 · WordPress · Ai Engine
Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions through 2.9.4 Description: The AI Engine plugin for WordPress is susceptible to sensitive information exposure. The simpleTranscribeAudio API endpoint does not properly restrict URL schemes before...
WordPress plugin AI Engine 信息泄露漏洞
WordPress AI Engine is a plugin based on OpenAI technology, which is mainly used to integrate artificial intelligence features into WordPress websites to improve the efficiency of content generation, automated operations and so on. WordPress AI Engine suffers from an information disclosure...
WordPress Ai Engine plugin <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions vulnerability
Missing URL Scheme Validation to Authenticated Subscriber+ Arbitrary File Read via simpleTranscribeAudio and getaudio Functions vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions = 2.9.4...
CVE-2025-5570
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5570
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5570
CVE-2025-5570 (AI Engine plugin for WordPress) is a stored Cross-Site Scripting vulnerability in versions up to 2.8.4, caused by insufficient input sanitization and output escaping in the mwai_chatbot shortcode with the parameter ‘id’. Exploitation requires authentication at Subscriber level or h...
PT-2025-28323 · WordPress · Ai Engine
Name of the Vulnerable Software and Affected Versions: The AI Engine plugin for WordPress versions up to, and including, 2.8.4 Description: The issue is related to Stored Cross-Site Scripting via the id parameter in the mwai chatbot shortcode. This is due to insufficient input sanitization and...
WordPress plugin AI Engine 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
CVE-2025-6238
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...
CVE-2025-6238
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...
CVE-2025-6238 AI Engine 2.8.4 - Insecure OAuth Implementation
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...
WordPress plugin AI Engine 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...
PT-2025-27847 · WordPress · Ai Engine
Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress version 2.8.4 Description: The issue is due to an insecure OAuth implementation, specifically the lack of validation for the redirect uri parameter during the authorization flow. This allows unauthenticated...
WordPress AI Engine plugin <= 2.8.4 - Insecure OAuth Implementation vulnerability
Insecure OAuth Implementation vulnerability discovered by István Márton - Wordfence in WordPress Plugin AI Engine versions = 2.8.4...