PT-2026-4993 · WordPress · Ai Engine
Type5Afe
·
Publicado
2026-01-27
·
Atualizado
2026-01-27
·
CVE-2026-0746
CVSS v3.1
6.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
AI Engine plugin for WordPress versions up to and including 3.3.2
Description
The AI Engine plugin for WordPress is susceptible to Server-Side Request Forgery via the
get audio function. An authenticated attacker with Subscriber-level access or higher can make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services if the "Public API" is enabled in the plugin settings and allow url fopen is set to 'On' on the server.Recommendations
Update the AI Engine plugin to a version later than 3.3.2.
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ai Engine