Aipower Security Vulnerabilities and Issues — Aipower CVE List

Lucene search

AipowerAipower

8 matches found

CVE•added 2024/02/29 5:15 a.m.•88 views

CVE-2023-51528

Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12.

8.8CVSS4.5AI score0.00171EPSS

CVE•added 2025/01/22 8:15 a.m.•56 views

CVE-2025-0428

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with a...

7.2CVSS7.2AI score0.00434EPSS

CVE•added 2024/10/31 6:15 a.m.•47 views

CVE-2024-10392

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the a...

9.8CVSS9.9AI score0.07265EPSS

CVE•added 2023/12/29 3:15 p.m.•45 views

CVE-2023-51527

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2.

7.5CVSS6.2AI score0.00589EPSS

CVE•added 2025/01/22 8:15 a.m.•45 views

CVE-2025-0429

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, wit...

7.2CVSS7.2AI score0.00434EPSS

CVE•added 2025/01/22 8:15 a.m.•39 views

CVE-2024-13361

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above...

8.8CVSS6.2AI score0.00123EPSS

CVE•added 2024/07/21 10:15 p.m.•39 views

CVE-2024-37465

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Senol Sahin GPT3 AI Content Writer allows Stored XSS.This issue affects GPT3 AI Content Writer: from n/a through 1.8.66.

6.5CVSS6.4AI score0.00064EPSS

CVE•added 2025/01/22 8:15 a.m.•38 views

CVE-2024-13360

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

5.4CVSS5.3AI score0.00041EPSS