VYPR

AI Power: Complete AI Pack

by WordPress

CVEs (5)

  • CVE-2024-10392CriOct 31, 2024
    risk 0.58cvss 9.8epss 0.13

    The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload…

  • CVE-2025-0429HigJan 22, 2025
    risk 0.40cvss 7.2epss 0.01

    The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows…

  • CVE-2025-0428HigJan 22, 2025
    risk 0.40cvss 7.2epss 0.01

    The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows…

  • CVE-2024-13361MedJan 22, 2025
    risk 0.34cvss 6.3epss 0.00

    The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with…

  • CVE-2024-13360MedJan 22, 2025
    risk 0.28cvss 5.4epss 0.00

    The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to…