Unknown Ai Engine vulnerabilities
3 known vulnerabilities affecting unknown/ai_engine.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-10499HIGHCVSS 7.2fixed in 2.6.52024-12-12
CVE-2024-10499 [HIGH] CWE-89 CVE-2024-10499: The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its
The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks
cvelistv5nvd
CVE-2024-6723MEDIUMCVSS 4.7fixed in 2.4.82024-09-13
CVE-2024-6723 [MEDIUM] CWE-89 CVE-2024-6723: The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.
cvelistv5nvd
CVE-2024-6451HIGHCVSS 7.2fixed in 2.5.12024-08-19
CVE-2024-6451 [HIGH] CWE-532 CVE-2024-6451: AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine Wor
AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php.
cvelistv5nvd