PT-2026-4993 · WordPress · Ai Engine
Type5Afe
·
Published
2026-01-27
·
Updated
2026-01-27
·
CVE-2026-0746
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
AI Engine plugin for WordPress versions up to and including 3.3.2
Description
The AI Engine plugin for WordPress is susceptible to Server-Side Request Forgery via the
get audio function. An authenticated attacker with Subscriber-level access or higher can make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services if the "Public API" is enabled in the plugin settings and allow url fopen is set to 'On' on the server.Recommendations
Update the AI Engine plugin to a version later than 3.3.2.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ai Engine