Vulnerabilities and security researches forai-image-generator-lab ai-image-generator-lab

Jun 15, 2025

CVE, Research URL: CVE-2025-4592
Home page URL: Security reports for AI Image Lab – Free AI Image Generator
Application: AI Image Lab – Free AI Image Generator
Date: Jun 14, 2025
Research Description: The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable