CVE-2024-13360

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Configurations

Configuration 1 (hide)

cpe:2.3:a:aipower:aipower:*:*:*:*:*:wordpress:*:*

History

24 Jan 2025, 18:58

Type Values Removed Values Added
CPE cpe:2.3:a:aipower:aipower:*:*:*:*:*:wordpress:*:*
References () https://plugins.trac.wordpress.org/changeset/3224162/ - () https://plugins.trac.wordpress.org/changeset/3224162/ - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6cbba-0e0c-4d2c-90d0-d7e0a5222df2?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6cbba-0e0c-4d2c-90d0-d7e0a5222df2?source=cve - Third Party Advisory
First Time Aipower aipower
Aipower
Summary
  • (es) El complemento AI Power: Complete AI Pack para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 1.8.96 y incluida a través de wpaicg_troubleshoot_add_vector(). Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicación web y se pueden usar para consultar y modificar información de servicios internos.

22 Jan 2025, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-22 08:15

Updated : 2025-01-24 18:58


NVD link : CVE-2024-13360

Mitre link : CVE-2024-13360

CVE.ORG link : CVE-2024-13360


JSON object : View

Products Affected

aipower

  • aipower
CWE
CWE-918

Server-Side Request Forgery (SSRF)