cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0429,https://securityvulnerability.io/vulnerability/CVE-2025-0429,PHP Object Injection Vulnerability in AI Power: Complete AI Pack for WordPress,"The AI Power: Complete AI Pack plugin for WordPress is susceptible to a PHP Object Injection vulnerability due to the unsafe deserialization of untrusted input from the $form['post_content'] variable in the wpaicg_export_ai_forms() function. This flaw allows authenticated users with administrative rights to exploit the vulnerability, potentially leading to the injection of malicious PHP objects. While there is no inherent Property-Oriented Programming (POP) chain in this plugin, the presence of an additional vulnerable plugin or theme on the same site could enable the attacker to delete files, steal sensitive information, or execute arbitrary code.",Wordpress,Ai Power: Complete Ai Pack,7.2,HIGH,0.0005000000237487257,false,,false,false,false,false,false,false,2025-01-22T07:29:40.953Z,0
CVE-2025-0428,https://securityvulnerability.io/vulnerability/CVE-2025-0428,PHP Object Injection Vulnerability in AI Power: Complete AI Pack for WordPress,"The AI Power: Complete AI Pack plugin for WordPress is susceptible to a PHP Object Injection vulnerability affecting versions up to 1.8.96. This vulnerability arises from the deserialization of untrusted data in the $form['post_content'] variable through the wpaicg_export_prompts function. Authenticated attackers with administrative privileges can exploit this weakness to inject malicious PHP Objects. While no direct Property-Oriented Programming (POP) chain is contained within the plugin itself, the presence of additional vulnerable plugins or themes on the target site could facilitate actions such as arbitrary file deletion, sensitive data retrieval, or even remote code execution.",Wordpress,Ai Power: Complete Ai Pack,7.2,HIGH,0.0005000000237487257,false,,false,false,false,false,false,false,2025-01-22T07:29:40.161Z,0
CVE-2024-13360,https://securityvulnerability.io/vulnerability/CVE-2024-13360,Server-Side Request Forgery in AI Power: Complete AI Pack Plugin for WordPress,"The AI Power: Complete AI Pack plugin for WordPress contains a Server-Side Request Forgery vulnerability that allows authenticated users with subscriber-level access and above to exploit the wpaicg_troubleshoot_add_vector() function. This vulnerability enables attackers to initiate web requests to arbitrary locations from the web application, potentially allowing them to query and alter sensitive information from internal services. Users are urged to update to the latest version to mitigate this risk.",Wordpress,Ai Power: Complete Ai Pack,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-22T07:29:39.434Z,0
CVE-2024-13361,https://securityvulnerability.io/vulnerability/CVE-2024-13361,Unauthorized Access in AI Power: Complete AI Pack Plugin for WordPress,"The AI Power: Complete AI Pack plugin for WordPress presents a significant security risk due to a lack of capability checks in the wpaicg_save_image_media function. This vulnerability allows authenticated users with Subscriber-level access and higher to upload image files. Furthermore, it enables attackers to manipulate the image_alt attribute via shortcode, potentially executing malicious code during POST requests to the attachment page. This issue is present in all versions up to and including 1.8.96, highlighting the importance of timely updates and security measures for all WordPress users utilizing this plugin.",Wordpress,Ai Power: Complete Ai Pack,8.8,HIGH,0.0005000000237487257,false,,false,false,false,false,false,false,2025-01-22T07:29:38.809Z,0
CVE-2024-10392,https://securityvulnerability.io/vulnerability/CVE-2024-10392,Unauthenticated Remote Code Execution Vulnerability in AI Power Complete AI Pack plugin for WordPress,"The AI Power: Complete AI Pack plugin for WordPress is susceptible to an arbitrary file upload vulnerability due to insufficient validation of file types in the 'handle_image_upload' function. This flaw affects all versions of the plugin up to and including version 1.8.89. Attackers without authentication can exploit this vulnerability to upload arbitrary files to the server, potentially leading to remote code execution. This poses a significant risk for users of the affected plugin and highlights the necessity for vigilant security measures, including timely updates and security practices.",Wordpress,Ai Power: Complete Ai Pack,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,2024-10-31T05:31:23.024Z,0