Approved changes feed: RSS · Atom
cpe:2.3:a:meowapps:ai_engine:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Meowapps (407f2578-7e92-5d75-89e3-8220d8ef9988) |
|---|---|
| Product | Ai Engine (8b1197b2-096f-5814-b121-9598ad559af0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-5570 |
vulnerable | 2026-06-08 07:37:25.190294 |
AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter
MEDIUM (5.4)
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-07-08T01:43:47.424Z
Updated: 2026-04-08T17:12:48.771Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5071 |
vulnerable | 2026-06-08 07:35:24.094462 |
AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP
HIGH (8.8)
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
Published: 2025-06-19T09:23:47.875Z
Updated: 2025-06-20T13:11:34.092Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6723 |
vulnerable | 2026-06-08 06:58:20.252988 |
AI Engine < 2.4.8 - Admin+ SQLi
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.
Published: 2024-09-13T06:00:02.961Z
Updated: 2024-09-13T15:30:32.161Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6451 |
vulnerable | 2026-06-08 06:58:19.494134 |
AI Engine < 2.5.1 - Admin+ RCE
AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php.
Published: 2024-08-19T06:00:05.024Z
Updated: 2024-08-19T17:10:21.720Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38791 |
vulnerable | 2026-06-08 06:41:48.125794 |
WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability
MEDIUM (4.9)
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7.
Published: 2024-08-01T20:46:22.846Z
Updated: 2026-04-28T16:10:07.230Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34440 |
vulnerable | 2026-06-08 06:37:33.301838 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29100 |
vulnerable | 2026-06-08 06:33:28.736114 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29090 |
vulnerable | 2026-06-08 06:33:28.714791 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10499 |
vulnerable | 2026-06-08 06:23:46.792143 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0699 |
vulnerable | 2026-06-08 06:22:01.804659 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51409 |
vulnerable | 2026-06-08 06:16:17.469502 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2580 |
vulnerable | 2026-06-08 06:02:42.570982 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.