AI Engine Vulnerability – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 1,716,148 Active Installs: 50,000 Last Updated: January 18, 2024 Patched Versions: 2.1.5 Affected Versions: <= 2.1.4 Vulnerability Details: Name: AI Engine <= 2.1.4 – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Title: Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2024-0699 CVSS…

Read More

WordPress Plugin Vulnerability Report – Paid Memberships Pro – Authenticated (Subscriber+) Arbitrary File Upload – CVE-2023-6187

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,334,391 Active Installs: 90,000 Last Updated: November 16, 2023 Patched Versions: 2.12.4 Affected Versions: <= 2.12.3 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.3 – Authenticated (Subscriber+) Arbitrary File Upload Title: Authenticated (Subscriber+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6187 CVSS…

Read More