Vulnerabilities and security research for gpt3-ai-content-generator
Jun 06, 2024
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2023-0405
- CVE, Research URL
- Date: Feb 13, 2023
- Research Description: The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.
- Affected versions: Min -, max -.
- Status: vulnerable
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2023-51527
- CVE, Research URL
- Date: Dec 29, 2023
- Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2.
- Affected versions: Min -, max -.
- Status: vulnerable
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2023-51528
- CVE, Research URL
- Date: Feb 29, 2024
- Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12.
- Affected versions: Min -, max -.
- Status: vulnerable
Jul 05, 2024
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2024-37465
- CVE, Research URL
- Date: Jul 22, 2024
- Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Senol Sahin GPT3 AI Content Writer allows Stored XSS. This issue affects GPT3 AI Content Writer: from n/a through 1.8.66.
- Affected versions: Min -, max -.
- Status: vulnerable
Oct 31, 2024
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2024-10392
- CVE, Research URL
- Date: Oct 31, 2024
- Research Description: The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Affected versions: Min -, max -.
- Status: vulnerable
Jan 23, 2025
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2025-0429
- CVE, Research URL
- Date: Jan 22, 2025
- Research Description: The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
- Affected versions: Min -, max -.
- Status: vulnerable
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2025-0428
- CVE, Research URL
- Date: Jan 22, 2025
- Research Description: The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
- Affected versions: Min -, max -.
- Status: vulnerable
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2024-13361
- CVE, Research URL
- Date: Jan 22, 2025
- Research Description: The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload image files and embed shortcode attributes in the image_alt value that will execute when sending a POST request to the attachment page.
- Affected versions: Min -, max -.
- Status: vulnerable
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2024-13360
- CVE, Research URL
- Date: Jan 22, 2025
- Research Description: The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
- Affected versions: Min -, max -.
- Status: vulnerable
May 09, 2025
AI Power: Complete AI Pack – Powered by GPT-4 # CVE-2025-47470
- CVE, Research URL
- Date: May 07, 2025
- Research Description: Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through 1.9.14.
- Affected versions: Min -, max -.
- Status: vulnerable