cleantalk
Vulnerabilities and Security Researches

AI Power: Complete AI Pack – Powered by GPT-4, CVE-2024-13361

CVE, Research URL

CVE-2024-13361

Home page URL

Security reports for AI Power: Complete AI Pack – Powered by GPT-4

Application

AI Power: Complete AI Pack – Powered by GPT-4

Published on
Jan 22, 2025
Research Description
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload image files and embed shortcode attributes in the image_alt value that will execute when sending a POST request to the attachment page.
Affected versions
Min -, max 1.8.97.
Status
vulnerable
Previous vulnerability researches
AI Power: Complete AI Pack – Powered by GPT-4 (CVE-2025-0429) , Jan 23, 2025
AI Power: Complete AI Pack – Powered by GPT-4 (CVE-2025-0428) , Jan 23, 2025
AI Power: Complete AI Pack – Powered by GPT-4 (CVE-2024-13361) , Jan 23, 2025
AI Power: Complete AI Pack – Powered by GPT-4 (CVE-2024-13360) , Jan 23, 2025
AI Power: Complete AI Pack – Powered by GPT-4 (CVE-2024-10392) , Oct 31, 2024
New vulnerability
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-4206) , May 10, 2025
Top 10 – WordPress Popular posts by WebberZone (CVE-2025-47509) , May 09, 2025
Easy Replace Image (CVE-2025-47483) , May 09, 2025