cbcvebase.

Coderevolution Aiomatic vulnerabilities

5 known vulnerabilities affecting coderevolution/aiomatic.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-13882P2HIGHCVSS 8.8fixed in 2.3.92025-03-08
CVE-2024-13882 [HIGH] CWE-434 CVE-2024-13882: The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plu The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_generate_featured_image' function in all versions up to, and including, 2.3.8. This makes it possible for authenticated attackers, with Contri
nvd
CVE-2025-6206P3HIGHCVSS 7.5fixed in 2.5.12025-06-24
CVE-2025-6206 [HIGH] CWE-434 CVE-2025-6206: The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plu The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscri
nvd
CVE-2024-34435P3HIGHCVSS 8.8fixed in 1.9.4≥ n/a, ≤ 1.9.32024-06-09
CVE-2024-34435 [HIGH] CWE-862 CVE-2024-34435: Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3.
nvd
CVE-2024-5969P4MEDIUMCVSS 5.3fixed in 2.0.62024-07-27
CVE-2024-5969 [MEDIUM] CWE-20 CVE-2024-5969: The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vu The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers t
nvd
CVE-2024-13816P4MEDIUMCVSS 5.4fixed in 2.3.72025-03-08
CVE-2024-13816 [MEDIUM] CWE-862 CVE-2024-13816: The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plu The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subsc
nvd
Coderevolution Aiomatic vulnerabilities | cvebase