CVE-2023-2580
Published 2023-06-27
Priority P4 · 18 · medium · 4.8 · CVSS 3.1
AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.47% (37.1th percentile)
The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| meowapps | ai_engine | < 1.6.83 | 1.6.83 |
CVSS provenance
nvd · v3.1 · 4.8 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
vendor_redhat · 5.5 · MEDIUM
GHSA
GHSA-g2r6-mg39-w7jm: The AI Engine WordPress plugin before 1
ghsa_unreviewed·2023-06-27
CVE-2023-2580 [MEDIUM] CWE-79 GHSA-g2r6-mg39-w7jm: The AI Engine WordPress plugin before 1
Red Hat
kernel: ext4: zero i_disksize when initializing the bootloader inode
vendor_redhat·2025-05-02·CVSS 5.5
CVE-2023-53101 [MEDIUM] kernel: ext4: zero i_disksize when initializing the bootloader inode
In the Linux kernel, the following vulnerability has been resolved:
ext4: zero i_disksize when initializing the bootloader inode
If the boot loader inode has never been used before, the
EXT4_IOC_SWAP_BOOT inode will initialize it, including setting the
i_size to 0. However, if the "never before used" boot loader has a
non-zero i_size, then i_disksize will be non-zero, and the
inconsistency between i_size and i_disksize can trigger a kernel
warning:
    WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319
    CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa
    RIP: 0010:ext4_file_write_iter+0xbc7/0xd10
    Call Trace:
     vfs_write+0x3b1/0x5c0
     ksys_write+0x77/0x160
     __x64_sys_write+0x22/0x30
     do_syscall_64+0x39/0x80
Reproducer:
No detection rules found.
No public exploits indexed.