4 matches found
Exploit for CVE-2025-7847
CVE-2025-7847 Wordpress Plugin Authenticated Subscriber Arbitr...
Exploit for CVE-2025-7847
CVE-2025-7847 Wordpress Plugin Authenticated Subscriber Arbitr...
CVE-2025-7847 AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload
The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the restsimpleFileUpload function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on...
WordPress AI Engine plugin 2.9.3-2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions 2.9.3-2.9.4...