CVE-2025-8084

Name of the Vulnerable Software and Affected Versions AI Engine plugin for WordPress versions through 3.1.8

Description The AI Engine plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF) in all versions up to and including 3.1.8. This issue is present in the rest helpers create images function. An authenticated attacker with Editor-level access or higher can leverage this to make web requests to arbitrary locations from the web application. This could allow querying and modification of information from internal services, and on Cloud instances, it enables metadata retrieval.

Recommendations Update the AI Engine plugin to a version later than 3.1.8.