Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities by tigroumeow
CVE-2026-1291 (GCVE-0-2026-1291)
Vulnerability from cvelistv5 – Published: 2026-06-13 08:29 – Updated: 2026-06-15 19:25
VLAI
Title
Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation
Summary
The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with Author-level access and above, to arbitrarily create or overwrite existing gallery shortcode records by supplying a user-controlled id value. The endpoint performs database update operations without verifying that the requesting user is authorized to modify the referenced gallery record or create their own.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | Meow Gallery |
Affected:
0 , ≤ 5.4.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T16:44:06.486537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T19:25:53.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Meow Gallery",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "5.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chawabhon Netisingha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with Author-level access and above, to arbitrarily create or overwrite existing gallery shortcode records by supplying a user-controlled id value. The endpoint performs database update operations without verifying that the requesting user is authorized to modify the referenced gallery record or create their own."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T08:29:40.890Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3386ea07-9c61-4b54-a451-1178ca6325cb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/meow-gallery/trunk/classes/rest.php"
},
{
"url": "https://wordpress.org/plugins/meow-gallery/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3469543/meow-gallery"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3469543/meow-gallery/trunk/classes/rest.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fmeow-gallery/tags/5.4.4\u0026new_path=%2Fmeow-gallery/tags/5.4.5"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-21T16:34:45.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-12T19:54:13.000Z",
"value": "Disclosed"
}
],
"title": "Meow Gallery \u003c= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1291",
"datePublished": "2026-06-13T08:29:40.890Z",
"dateReserved": "2026-01-21T16:18:13.278Z",
"dateUpdated": "2026-06-15T19:25:53.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8719 (GCVE-0-2026-8719)
Vulnerability from cvelistv5 – Published: 2026-05-17 02:27 – Updated: 2026-05-18 16:40
VLAI
Title
AI Engine 3.4.9 - Authenticated (Subscriber+) Privilege Escalation via Missing Authorization in MCP OAuth Bearer Token
Summary
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifying administrator privileges. This makes it possible for authenticated (Subscriber+) attackers to invoke admin-level MCP tools and escalate privileges to Administrator.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
3.4.9
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T16:40:12.460662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T16:40:29.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"status": "affected",
"version": "3.4.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daroo"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifying administrator privileges. This makes it possible for authenticated (Subscriber+) attackers to invoke admin-level MCP tools and escalate privileges to Administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-17T02:27:02.277Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0593c20d-3422-4817-9639-614254b609db?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3533527/ai-engine"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T21:46:08.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-05-16T14:19:48.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine 3.4.9 - Authenticated (Subscriber+) Privilege Escalation via Missing Authorization in MCP OAuth Bearer Token"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-8719",
"datePublished": "2026-05-17T02:27:02.277Z",
"dateReserved": "2026-05-15T21:30:51.096Z",
"dateUpdated": "2026-05-18T16:40:29.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1400 (GCVE-0-2026-1400)
Vulnerability from cvelistv5 – Published: 2026-01-28 08:26 – Updated: 2026-04-08 17:25
VLAI
Title
AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint
Summary
The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata` function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The attacker can upload a benign image file, then use the `update_media_metadata` endpoint to rename it to a PHP file, creating an executable PHP file in the uploads directory.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 3.3.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T16:06:48.366374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T16:06:59.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine \u2013 The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata` function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible. The attacker can upload a benign image file, then use the `update_media_metadata` endpoint to rename it to a PHP file, creating an executable PHP file in the uploads directory."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:25:58.973Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5227269-4406-4fcf-af37-f1db0af857d6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/3.3.0/classes/rest.php#L1104"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/3.3.0/classes/rest.php#L1141"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3447500/ai-engine/trunk/classes/rest.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-23T21:59:21.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-27T19:28:10.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine \u003c= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via \u0027filename\u0027 Parameter in update_media_metadata Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1400",
"datePublished": "2026-01-28T08:26:56.110Z",
"dateReserved": "2026-01-23T21:44:13.311Z",
"dateUpdated": "2026-04-08T17:25:58.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0746 (GCVE-0-2026-0746)
Vulnerability from cvelistv5 – Published: 2026-01-27 18:27 – Updated: 2026-04-08 17:23
VLAI
Title
AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery
Summary
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services, if "Public API" is enabled in the plugin settings, and 'allow_url_fopen' is set to 'On' on the server.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 3.3.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T14:05:46.546803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T14:11:11.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the \u0027get_audio\u0027 function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services, if \"Public API\" is enabled in the plugin settings, and \u0027allow_url_fopen\u0027 is set to \u0027On\u0027 on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:23:35.066Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbba866d-93dd-4ef5-9670-ab958f61f06e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/3.3.1/classes/engines/chatml.php#L946"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3447500/ai-engine/trunk/classes/engines/chatml.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-08T19:24:35.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-27T06:06:34.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine \u003c= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-0746",
"datePublished": "2026-01-27T18:27:55.920Z",
"dateReserved": "2026-01-08T19:06:51.188Z",
"dateUpdated": "2026-04-08T17:23:35.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8084 (GCVE-0-2025-8084)
Vulnerability from cvelistv5 – Published: 2025-11-18 12:29 – Updated: 2026-04-08 16:47
VLAI
Title
AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery
Summary
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieving.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 3.1.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:27:21.370371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:30:32.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "3.1.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonas Benjamin Friedli"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieving."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:47:10.488Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b497bc0-bf47-43c7-9d5f-8e130dd0bab2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/rest.php#L742"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/services/image.php#L89"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-12T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-07-23T13:44:43.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-18T00:28:40.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine \u003c= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-8084",
"datePublished": "2025-11-18T12:29:48.352Z",
"dateReserved": "2025-07-23T13:29:23.642Z",
"dateUpdated": "2026-04-08T16:47:10.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12844 (GCVE-0-2025-12844)
Vulnerability from cvelistv5 – Published: 2025-11-13 07:27 – Updated: 2026-04-08 17:20
VLAI
Title
AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization
Summary
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'rest_simpleTranscribeAudio' and 'rest_simpleVisionQuery' functions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 3.1.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T19:26:32.518683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T19:26:43.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "3.1.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ISMAILSHADOW"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the \u0027rest_simpleTranscribeAudio\u0027 and \u0027rest_simpleVisionQuery\u0027 functions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:20:26.371Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c39c1b72-e3e0-44fb-8fb8-602cb0aa61e3?source=cve"
},
{
"url": "https://github.com/jordymeow/ai-engine/blob/main/classes/modules/files.php#L237"
},
{
"url": "https://github.com/jordymeow/ai-engine/blob/main/classes/api.php#L799"
},
{
"url": "https://github.com/jordymeow/ai-engine/blob/main/classes/services/image.php#L43"
},
{
"url": "https://github.com/jordymeow/ai-engine/blob/main/classes/engines/chatml.php#L960-L967"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3392052/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-06T21:00:47.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-12T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine \u003c= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12844",
"datePublished": "2025-11-13T07:27:53.931Z",
"dateReserved": "2025-11-06T20:29:04.536Z",
"dateUpdated": "2026-04-08T17:20:26.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11749 (GCVE-0-2025-11749)
Vulnerability from cvelistv5 – Published: 2025-11-05 05:31 – Updated: 2026-04-08 16:33
VLAI
Title
AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
Summary
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 3.1.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:18:09.578670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T14:39:43.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "3.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Emiliano Versini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the \u0027Bearer Token\u0027 value when \u0027No-Auth URL\u0027 is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:50.495Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06eaf624-aedf-453d-8457-d03a572fac0d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/trunk/labs/mcp.php#L226"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3380753/ai-engine#file10"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-14T15:20:01.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-04T17:19:25.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine \u003c= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11749",
"datePublished": "2025-11-05T05:31:25.156Z",
"dateReserved": "2025-10-14T15:04:46.388Z",
"dateUpdated": "2026-04-08T16:33:50.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8268 (GCVE-0-2025-8268)
Vulnerability from cvelistv5 – Published: 2025-09-03 20:24 – Updated: 2026-04-08 17:19
VLAI
Title
Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion
Summary
The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 2.9.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T20:47:06.228438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T20:47:15.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "2.9.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ISMAILSHADOW"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:19:09.687Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be39e24f-d7d7-44db-9ffd-a4605de8e577?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/modules/files.php#L645"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/modules/files.php#L518"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/modules/files.php#L664"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-14T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-07-27T15:09:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-03T07:55:41.000Z",
"value": "Disclosed"
}
],
"title": "Ai Engine \u003c= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-8268",
"datePublished": "2025-09-03T20:24:15.668Z",
"dateReserved": "2025-07-27T14:53:48.378Z",
"dateUpdated": "2026-04-08T17:19:09.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7847 (GCVE-0-2025-7847)
Vulnerability from cvelistv5 – Published: 2025-07-31 04:26 – Updated: 2025-07-31 13:25
VLAI
Title
AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload
Summary
The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server when the REST API is enabled, which may make remote code execution possible.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine |
Affected:
2.9.3 , ≤ 2.9.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:25:07.791631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:25:15.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "2.9.4",
"status": "affected",
"version": "2.9.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ISMAILSHADOW"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site\u0027s server when the REST API is enabled, which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T04:26:20.021Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c1c7ec9-d01f-433d-abec-dc2b6ff684c7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.3/classes/api.php#L673"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.3/classes/modules/files.php#L332"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3329842/ai-engine/trunk/classes/api.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3332539%40ai-engine\u0026new=3332539%40ai-engine\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-18T20:41:57.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-07-30T16:06:38.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7847",
"datePublished": "2025-07-31T04:26:20.021Z",
"dateReserved": "2025-07-18T20:25:13.424Z",
"dateUpdated": "2025-07-31T13:25:15.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7780 (GCVE-0-2025-7780)
Vulnerability from cvelistv5 – Published: 2025-07-24 09:22 – Updated: 2026-04-08 16:52
VLAI
Title
AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
Summary
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling get_audio(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to read any file on the web server and exfiltrate it via the plugin’s OpenAI API integration.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 2.9.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:15:12.490534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:15:16.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "2.9.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ISMAILSHADOW"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling get_audio(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to read any file on the web server and exfiltrate it via the plugin\u2019s OpenAI API integration."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:52:29.155Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/513274bc-3016-4adb-be78-b13c5fae9c03?source=cve"
},
{
"url": "https://wordpress.org/plugins/ai-engine/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.3/classes/engines/chatml.php#L829"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.3/classes/api.php#L625"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3332540/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-17T23:03:52.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-07-23T20:32:50.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine \u003c= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7780",
"datePublished": "2025-07-24T09:22:16.242Z",
"dateReserved": "2025-07-17T22:47:26.450Z",
"dateUpdated": "2026-04-08T16:52:29.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5570 (GCVE-0-2025-5570)
Vulnerability from cvelistv5 – Published: 2025-07-08 01:43 – Updated: 2026-04-08 17:12
VLAI
Title
AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter
Summary
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 2.8.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:27:48.573365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T16:12:46.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "2.8.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode \u0027id\u0027 parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:12:48.771Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a32dcf96-ec75-46b1-8f1d-608411ad5147?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.2/classes/modules/chatbot.php#L617"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-28T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-07-03T11:37:08.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-07-07T12:13:01.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine \u003c= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5570",
"datePublished": "2025-07-08T01:43:47.424Z",
"dateReserved": "2025-06-03T20:33:41.338Z",
"dateUpdated": "2026-04-08T17:12:48.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6238 (GCVE-0-2025-6238)
Vulnerability from cvelistv5 – Published: 2025-07-04 01:44 – Updated: 2025-07-08 14:28
VLAI
Title
AI Engine 2.8.4 - Insecure OAuth Implementation
Summary
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: OAuth is disabled, the 'Meow_MWAI_Labs_OAuth' class is not loaded in the plugin in the patched version 2.8.5.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine |
Affected:
2.8.4
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:27:57.811986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:28:09.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine",
"vendor": "tigroumeow",
"versions": [
{
"status": "affected",
"version": "2.8.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the \u0027redirect_uri\u0027 parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: OAuth is disabled, the \u0027Meow_MWAI_Labs_OAuth\u0027 class is not loaded in the plugin in the patched version 2.8.5."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T01:44:02.327Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1edc84fd-8cb5-4899-9444-1b6ae3144917?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.4/labs/oauth.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3321384/ai-engine/trunk/labs/mcp.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3321384/ai-engine/trunk/labs/oauth.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-18T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-06-18T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-07-03T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine 2.8.4 - Insecure OAuth Implementation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-6238",
"datePublished": "2025-07-04T01:44:02.327Z",
"dateReserved": "2025-06-18T13:58:33.637Z",
"dateUpdated": "2025-07-08T14:28:09.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5071 (GCVE-0-2025-5071)
Vulnerability from cvelistv5 – Published: 2025-06-19 09:23 – Updated: 2025-06-20 13:11
VLAI
Title
AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP
Summary
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine |
Affected:
2.8.0 , ≤ 2.8.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:49:14.799564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:11:34.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "2.8.3",
"status": "affected",
"version": "2.8.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the \u0027Meow_MWAI_Labs_MCP::can_access_mcp\u0027 function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like \u0027wp_create_user\u0027, \u0027wp_update_user\u0027 and \u0027wp_update_option\u0027, which can be used for privilege escalation, and \u0027wp_update_post\u0027, \u0027wp_delete_post\u0027, \u0027wp_update_comment\u0027 and \u0027wp_delete_comment\u0027, which can be used to edit and delete posts and comments."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T09:23:47.875Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.1/labs/mcp.php#L43"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3313554/ai-engine#file21"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-21T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-05-21T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-06-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5071",
"datePublished": "2025-06-19T09:23:47.875Z",
"dateReserved": "2025-05-21T22:04:13.168Z",
"dateUpdated": "2025-06-20T13:11:34.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4386 (GCVE-0-2024-4386)
Vulnerability from cvelistv5 – Published: 2024-05-09 20:03 – Updated: 2026-04-08 16:50
VLAI
Title
Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Summary
The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_atts’ parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | Meow Gallery |
Affected:
0 , ≤ 5.1.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-11T16:54:55.662947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:37.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/477b41a5-b2ff-4b94-9622-824146a0e2ed?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/meow-gallery/trunk/classes/core.php#L273"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3082976/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Meow Gallery",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "5.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data_atts\u2019 parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:50:01.051Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/477b41a5-b2ff-4b94-9622-824146a0e2ed?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/meow-gallery/trunk/classes/core.php#L273"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3082976/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Gallery Block (Meow Gallery) \u003c= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4386",
"datePublished": "2024-05-09T20:03:23.835Z",
"dateReserved": "2024-05-01T02:23:40.241Z",
"dateUpdated": "2026-04-08T16:50:01.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0378 (GCVE-0-2024-0378)
Vulnerability from cvelistv5 – Published: 2024-03-02 09:37 – Updated: 2026-04-08 16:53
VLAI
Title
AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting
Summary
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 2.2.0
(semver)
|
|
| jordy_meow | ai-engine |
Affected:
0 , ≤ 2.2.0
(custom)
cpe:2.3:a:jordy_meow:ai-engine:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jordy_meow:ai-engine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ai-engine",
"vendor": "jordy_meow",
"versions": [
{
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:13:22.311140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T15:14:01.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54344300-6288-40bc-b539-3dc9b555ed00?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3043570%40ai-engine\u0026new=3043570%40ai-engine\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sudip Roy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:53:16.394Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54344300-6288-40bc-b539-3dc9b555ed00?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3043570%40ai-engine\u0026new=3043570%40ai-engine\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-01T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine \u003c= 2.2.0 - Unauthenticated Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0378",
"datePublished": "2024-03-02T09:37:32.638Z",
"dateReserved": "2024-01-09T22:20:23.887Z",
"dateUpdated": "2026-04-08T16:53:16.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0699 (GCVE-0-2024-0699)
Vulnerability from cvelistv5 – Published: 2024-02-05 21:21 – Updated: 2026-04-08 16:34
VLAI
Title
AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url
Summary
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2024-29100 is likely a duplicate of this issue.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress |
Affected:
0 , ≤ 2.1.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:46:10.749116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:46:56.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine \u2013 The Chatbot, AI Framework \u0026 MCP for WordPress",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "2.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sudip Roy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the \u0027add_image_from_url\u0027 function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible. CVE-2024-29100 is likely a duplicate of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:34:41.496Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine \u003c= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0699",
"datePublished": "2024-02-05T21:21:32.230Z",
"dateReserved": "2024-01-18T20:04:56.876Z",
"dateUpdated": "2026-04-08T16:34:41.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}