GCVE - cpe:2.3:a:coderevolution:aiomatic:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:coderevolution:aiomatic:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Coderevolution (`32b31726-d241-548e-8113-38e65f899083`)
Product	Aiomatic (`7b79a8af-1290-55d4-967a-fe83725ce0b9`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-6206`	vulnerable	2026-06-08 07:43:14.538690	Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload HIGH (7.5) The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. In order to exploit the vulnerability, there must be a value entered for the Stability.AI API key. The value can be arbitrary. Published: 2025-06-24T08:23:55.136Z Updated: 2026-04-08T17:06:16.386Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/8e0ff2d6-65d2-4a54-b3e5-64b424013313?source=cve https://codecanyon.net/item/aiomatic-automatic-ai-content-writer/38877369#item-description__changelog	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5969`	vulnerable	2026-06-08 06:56:18.102558	AIomatic - Automatic AI Content Writer <= 2.0.5 - Unauthenticated Arbitrary Email Sending MEDIUM (5.8) The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. Published: 2024-07-27T07:33:46.658Z Updated: 2026-04-08T17:19:12.064Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/be5be40f-89da-4b97-9a85-527602d84c4d?source=cve https://codecanyon.net/item/aiomatic-automatic-ai-content-writer/38877369?srsltid=AfmBOornCSKshlaSyZi2nonTcpSskMpBNJpdAS_No91A5V5lTIAD1h8S	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-34435`	vulnerable	2026-06-08 06:37:33.291779	WordPress Aiomatic plugin <= 1.9.3 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3. Published: 2024-06-09T11:57:35.799Z Updated: 2026-04-28T16:09:48.916Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/aiomatic-automatic-ai-content-writer/wordpress-aiomatic-plugin-1-9-3-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13882`	vulnerable	2026-06-08 06:25:38.689049	Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload HIGH (8.8) The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_generate_featured_image' function in all versions up to, and including, 2.3.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Published: 2025-03-08T08:22:56.807Z Updated: 2026-04-08T17:00:30.475Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/7108df0d-771a-4404-b90d-8ac8bc572898?source=cve https://coderevolution.ro/knowledge-base/faq/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13816`	vulnerable	2026-06-08 06:25:38.551173	Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions MEDIUM (5.4) The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, delete templates, and clear logs. The vulnerability was partially patched in version 2.3.5. Published: 2025-03-08T08:22:56.377Z Updated: 2026-04-08T16:58:45.561Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/69de7d93-b255-4d41-8680-9762ff632804?source=cve https://coderevolution.ro/knowledge-base/faq/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit/#item-description__changelog	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.