Medium severity6.5NVD Advisory· Published Sep 3, 2025· Updated Apr 15, 2026
CVE-2025-8268
CVE-2025-8268
Description
The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/modules/files.phpnvd
- plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/modules/files.phpnvd
- plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/modules/files.phpnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/be39e24f-d7d7-44db-9ffd-a4605de8e577nvd
News mentions
0No linked articles in our index yet.