5 matches found
CVE-2025-7780
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-7780
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-7780
creationtimestamp| type| source ---|---|--- 2025-07-24 09:38:25+00:00| seen| Telegram/n2X3BjsuuTA1kKBHKflXMps4Ewm2yQcfNlMJXB5UJM21GTM...
CVE-2025-7780 AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...
WordPress Ai Engine plugin <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions vulnerability
Missing URL Scheme Validation to Authenticated Subscriber+ Arbitrary File Read via simpleTranscribeAudio and getaudio Functions vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions = 2.9.4...