Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

AI Engine – The Chatbot, AI Framework & MCP for WordPress — Vulnerabilities & Security Advisories 11

All 11 CVE vulnerabilities found in AI Engine – The Chatbot, AI Framework & MCP for WordPress, with AI-generated Chinese analysis, references, and POCs.

Vendor: tigroumeow

CVE IDTitleCVSSSeverityPublished
CVE-2026-8719 AI Engine 3.4.9 - Authenticated (Subscriber+) Privilege Escalation via Missing Authorization in MCP OAuth Bearer Token CWE-269 8.8 High2026-05-17
CVE-2026-1400 AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint CWE-434 7.2 High2026-01-28
CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery CWE-918 6.4 Medium2026-01-27
CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery CWE-918 6.8 Medium2025-11-18
CVE-2025-12844 AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization CWE-502 7.1 High2025-11-13
CVE-2025-11749 AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation CWE-200 9.8 Critical2025-11-05
CVE-2025-8268 Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion CWE-862 6.5 Medium2025-09-03
CVE-2025-7780 AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions CWE-200 6.5 Medium2025-07-24
CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter CWE-79 5.4 Medium2025-07-08
CVE-2024-0378 AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting CWE-79 6.5 Medium2024-03-02
CVE-2024-0699 AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url CWE-434 6.6 Medium2024-02-05

All 11 known CVE vulnerabilities affecting AI Engine – The Chatbot, AI Framework & MCP for WordPress with full Chinese analysis, references, and POCs where available.