The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/3224162/ | Patch |
https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6cbba-0e0c-4d2c-90d0-d7e0a5222df2?source=cve | Third Party Advisory |
Configurations
History
24 Jan 2025, 18:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:aipower:aipower:*:*:*:*:*:wordpress:*:* | |
References | () https://plugins.trac.wordpress.org/changeset/3224162/ - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6cbba-0e0c-4d2c-90d0-d7e0a5222df2?source=cve - Third Party Advisory | |
First Time |
Aipower aipower
Aipower |
|
Summary |
|
22 Jan 2025, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-01-22 08:15
Updated : 2025-01-24 18:58
NVD link : CVE-2024-13360
Mitre link : CVE-2024-13360
CVE.ORG link : CVE-2024-13360
JSON object : View
Products Affected
aipower
- aipower
CWE
CWE-918
Server-Side Request Forgery (SSRF)