Meowapps

Ai Engine

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-5570

  • EPSS 0.04%
  • Veröffentlicht 08.07.2025 01:43:47
  • Zuletzt bearbeitet 13.08.2025 19:31:29

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possib...

8

CVE-2025-6238

  • EPSS 0.06%
  • Veröffentlicht 04.07.2025 01:44:02
  • Zuletzt bearbeitet 13.08.2025 19:34:26

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unaut...

8.8

CVE-2025-5071

Medienbericht
  • EPSS 0.06%
  • Veröffentlicht 19.06.2025 09:23:47
  • Zuletzt bearbeitet 11.08.2025 18:11:51

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authe...

7.2

CVE-2024-10499

Exploit
  • EPSS 0.31%
  • Veröffentlicht 12.12.2024 06:15:20
  • Zuletzt bearbeitet 17.05.2025 02:25:50

The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks

4.7

CVE-2024-6723

Exploit
  • EPSS 0.16%
  • Veröffentlicht 13.09.2024 06:15:15
  • Zuletzt bearbeitet 27.09.2024 18:50:00

The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.

7.2

CVE-2024-6451

Exploit
  • EPSS 0.47%
  • Veröffentlicht 19.08.2024 06:15:05
  • Zuletzt bearbeitet 27.05.2025 21:05:27

AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php.

7.1

CVE-2024-38791

  • EPSS 0.34%
  • Veröffentlicht 01.08.2024 21:15:28
  • Zuletzt bearbeitet 04.04.2025 17:45:25

Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7.

7.2

CVE-2024-34440

  • EPSS 0.74%
  • Veröffentlicht 14.05.2024 15:39:06
  • Zuletzt bearbeitet 04.04.2025 14:46:40

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63.

9.8

CVE-2023-51409

  • EPSS 92.67%
  • Veröffentlicht 12.04.2024 14:15:07
  • Zuletzt bearbeitet 08.04.2025 16:29:05

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.

7.2

CVE-2024-29100

  • EPSS 0.12%
  • Veröffentlicht 28.03.2024 06:15:13
  • Zuletzt bearbeitet 08.04.2025 16:40:26

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.