CVE-2024-13882

The CVE-2024-13882 entry for Aiomatic (WordPress plugin) is supported by multiple connected sources indicating a concrete vulnerability: arbitrary file uploads due to missing file-type validation in aiomatic_generate_featured_image in all versions up to 2.3.8, exploitable by authenticated users w...

CVE-2024-34435

CVE-2024-34435 affects CodeRevolution Aiomatic (Aiomatic) for WordPress, with a Missing Authorization vulnerability in Aiomatic versions up to and including 1.9.3. Root cause: missing authorization checks allow unauthorized access. Impact: potential unauthorized access to Aiomatic functionality; ...

CVE-2024-13816

The CVE-2024-13816 entry covers Aiomatic – Automatic AI Content Writer & Editor (WordPress plugin) with vulnerable versions up to 2.3.6, where missing capability checks allow authenticated users with Subscriber-level access and above to perform multiple administrator actions (update/delete posts,...

CVE-2024-5969

The CVE-2024-5969 entry concerns the WordPress plugin AIomatic - Automatic AI Content Writer, affected versions up to and including 2.0.5. Multiple connected sources describe an unauthenticated arbitrary email-sending vulnerability in the aiomatic_send_email function, reachable via AJAX, allowing...

CVE-2025-6206

CVE-2025-6206 concerns the WordPress plugin Aiomatic - AI Content Writer & Editor (versions up to 2.5.0). The issue is an arbitrary file upload flaw caused by missing file-type validation in the aiomatic_image_editor_ajax_submit function. It requires an authenticated user with Subscriber+ privile...