VYPR

Aipower

by WordPress

CVEs (2)

  • CVE-2025-0428HigJan 22, 2025
    risk 0.40cvss 7.2epss 0.01

    The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows…

  • CVE-2024-13361MedJan 22, 2025
    risk 0.34cvss 6.3epss 0.00

    The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with…