Lucene search
+L

218 matches found

cnnvd
cnnvd
added 2025/07/07 12:0 a.m.6 views

WordPress plugin AI Engine 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

5.4CVSS5.8AI score0.0017EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/07/06 2:18 a.m.13 views

CVE-2025-6238

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

8CVSS6.6AI score0.00303EPSS
Exploits0References1
osv
osv
added 2025/07/04 3:15 a.m.7 views

CVE-2025-6238

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

8CVSS5.9AI score0.00303EPSS
Exploits0References4
cvelist
cvelist
added 2025/07/04 1:44 a.m.34 views

CVE-2025-6238 AI Engine 2.8.4 - Insecure OAuth Implementation

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

8CVSS0.00303EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/07/04 12:0 a.m.4 views

WordPress plugin AI Engine 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...

8CVSS6.5AI score0.00303EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/07/04 12:0 a.m.6 views

PT-2025-27847 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress version 2.8.4 Description: The issue is due to an insecure OAuth implementation, specifically the lack of validation for the redirect uri parameter during the authorization flow. This allows unauthenticated...

8CVSS6.6AI score0.00303EPSS
Exploits0References12
patchstack
patchstack
added 2025/07/03 11:5 p.m.16 views

WordPress AI Engine plugin <= 2.8.4 - Insecure OAuth Implementation vulnerability

Insecure OAuth Implementation vulnerability discovered by István Márton - Wordfence in WordPress Plugin AI Engine versions = 2.8.4...

8CVSS6.8AI score0.00303EPSS
Exploits0References1Affected Software1
cnvd
cnvd
added 2025/06/27 12:0 a.m.4 views

WordPress AI Engine plugin has unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unspecified vulnerability exists in WordPress AI Engine plugin that stems from a lack of capability checking, which can be exploited by attackers to cause unauthorized data...

8.8CVSS6.9AI score0.00617EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/06/23 8:39 a.m.7 views

CVE-2025-5071

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS7.1AI score0.00617EPSS
Exploits0References1
osv
osv
added 2025/06/19 10:15 a.m.4 views

CVE-2025-5071

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS5.8AI score0.00617EPSS
Exploits0References3
nvd
nvd
added 2025/06/19 10:15 a.m.13 views

CVE-2025-5071

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS0.00617EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/06/19 9:23 a.m.5 views

CVE-2025-5071 AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS7AI score0.00617EPSS
Exploits0References3
cve
cve
added 2025/06/19 9:23 a.m.54 views

CVE-2025-5071

The CVE-2025-5071 entry concerns the WordPress AI Engine plugin (versions 2.8.0–2.8.3) with a missing capability check in Meow_MWAI_Labs_MCP::can_access_mcp. This allows authenticated users with subscriber-level access and above to gain full MCP control and execute commands (e.g., wp_create_user,...

8.8CVSS8.6AI score0.00617EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2025/06/19 9:23 a.m.9 views

CVE-2025-5071 AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS0.00617EPSS
Exploits0References3
wordfence
wordfence
added 2025/06/18 9:1 p.m.11 views

100,000 WordPress Sites Affected by Privilege Escalation via MCP in AI Engine WordPress Plugin

🌞Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 🔥 Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Submit bold. Earn big! 🔥 On May 21st, 2025, our Wordfence Thre...

8.8CVSS7.7AI score0.00617EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 10:33 a.m.16 views

CVE-2024-6723

The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions...

4.7CVSS7.5AI score0.0045EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 10:28 a.m.10 views

CVE-2024-6451

AI Engine 2.4.3 is susceptible to remote-code-execution RCE via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logspath", allowing Administrators to change log filetypes from .log to .php...

7.2CVSS6.7AI score0.00817EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 7:53 a.m.18 views

CVE-2024-38791

Server-Side Request Forgery SSRF vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7...

7.1CVSS7AI score0.00224EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:53 a.m.9 views

CVE-2024-10499

The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks...

7.2CVSS7.6AI score0.00596EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 3:14 a.m.6 views

CVE-2023-2580

The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.8CVSS5.3AI score0.0047EPSS
Exploits2References1
Rows per page
Query Builder