cpe:2.3:a:aipower:aipower:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor: Aipower (e8ee5bee-d5d4-5494-8a68-ec7804817bbf)
Product: Aipower (b40466a5-13fa-5791-a7f6-b24037939b84)
Edition: *
Language: *
Software edition: *
Target software: wordpress
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-0429 vulnerable 2026-06-08 07:02:24.590669 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms
HIGH (7.2)
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2025-01-22T07:29:40.953Z
Updated: 2026-04-08T17:18:30.901Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-0428 vulnerable 2026-06-08 07:02:24.590166 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts
HIGH (7.2)
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2025-01-22T07:29:40.161Z
Updated: 2026-04-08T16:58:02.855Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37465 vulnerable 2026-06-08 06:39:47.645814 WordPress AI Power: Complete AI Pack – Powered by GPT-4 plugin <= 1.8.66 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Senol Sahin GPT3 AI Content Writer allows Stored XSS. This issue affects GPT3 AI Content Writer: from n/a through 1.8.66.
Published: 2024-07-21T21:24:36.259Z
Updated: 2026-04-28T16:09:59.336Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-13361 vulnerable 2026-06-08 06:25:37.376473 AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
MEDIUM (6.3)
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload image files and embed shortcode attributes in the image_alt value that will execute when sending a POST request to the attachment page.
Published: 2025-01-22T07:29:38.809Z
Updated: 2026-04-08T16:36:18.094Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-13360 vulnerable 2026-06-08 06:25:37.375856 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery
MEDIUM (5.4)
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Published: 2025-01-22T07:29:39.434Z
Updated: 2026-04-08T16:55:45.671Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51528 vulnerable 2026-06-08 06:17:53.423489 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51527 vulnerable 2026-06-08 06:17:53.422778 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data