Vulnerabilities

CVE-2025-8268

by Fred · 03/09/2025

The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.

More information : https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.9.5/classes/modules/files.php#L518

Similar

Tags: Cybersecurity Alert