CVE-2024-10499

Name of the Vulnerable Software and Affected Versions AI Engine WordPress plugin versions prior to 2.6.5

Description The issue concerns a failure to properly sanitize and escape a parameter from one of the plugin's RESP API endpoints before using it in a SQL statement. This allows administrators to perform SQL injection attacks.

Recommendations For versions prior to 2.6.5, update to version 2.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoint until a patch is applied. Avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved.