Tigroumeow Ai Engine vulnerabilities

3 known vulnerabilities affecting tigroumeow/ai_engine.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3

Vulnerabilities

CVE-2025-7847 | HIGH | CVSS 8.8 | ≥ 2.9.3, ≤ 2.9.4 | 2025-07-31
CVE-2025-7847 [HIGH] CWE-434: The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server when the REST API is enabled
Sources: cvelistv5, nvd
CVE-2025-6238 | HIGH | CVSS 8.0 | v2.8.4 | 2025-07-04
CVE-2025-6238 [HIGH] CWE-601: The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the us
Sources: cvelistv5, nvd
CVE-2025-5071 | HIGH | CVSS 8.8 | ≥ 2.8.0, ≤ 2.8.3 | 2025-06-19
CVE-2025-5071 [HIGH] CWE-863: The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run variou
Sources: cvelistv5, nvd