Ai engine
This hub aggregates every CVE we track for Ai engine, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
17
CVEs tracked
4
Critical
6
High
0
In CISA KEV
Severity distribution
MEDIUM7HIGH6CRITICAL4
Monthly trend
0
2
1
0
0
1
0
0
0
0
0
1
3
0
0
0
0
0
0
0
1
0
0
1
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Ai engine.
- CVE-2026-27407WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability7.2
- CVE-2026-23802WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability9.1
- CVE-2025-7847AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload8.8
- CVE-2025-5570AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter5.4
- CVE-2025-6238AI Engine 2.8.4 - Insecure OAuth Implementation8.0
- CVE-2025-5071AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP8.8
- CVE-2024-10499AI-Engine < 2.6.5 - Admin+ SQLi7.2
- CVE-2024-6723AI Engine < 2.4.8 - Admin+ SQLi4.7
- CVE-2024-6451AI Engine < 2.5.1 - Admin+ RCE7.2
- CVE-2024-38791WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability4.9
- CVE-2024-34440WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability9.1
- CVE-2023-51409WordPress AI Engine plugin <= 1.9.98 - Unauthenticated Arbitrary File Upload vulnerability10.0
- CVE-2024-29090WordPress AI Engine plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability6.8
- CVE-2024-29100WordPress AI Engine plugin <= 2.1.4 - Arbitrary File Upload vulnerability9.1
- CVE-2024-0378AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting6.5
Product normalization is registry-driven with AI assist and human review. How it works