CVE-2024-13360

Medium CVSS: 5.4

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Vendor

Aipower

Product

Aipower

CWE

CWE-918

Yayın Tarihi

2025-01-22 08:15:08

Güncelleme

2025-01-24 18:58:46

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-918 Aipower MEDIUM Aipower 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3224162/ https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6cbba-0e0c-4d2c-90d0-d7e0a5222df2?source=cve

Benzer Kayıtlar

High

CVE-2025-0428

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and inclu…

High

CVE-2025-0429

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and inclu…

Medium

CVE-2024-13361

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability che…