cleantalk
Vulnerabilities and Security Researches

AI Engine, 7f5449dc8d09819a2b897628d4142dd44c0ac3e9

CVE, Research URL

7f5449dc8d09819a2b897628d4142dd44c0ac3e9

Home page URL

Security reports for AI Engine

Application

AI Engine

Published on
Jan 18, 2024
Research Description
AI Engine &#8211; The Chatbot, AI Framework &amp; MCP for WordPress [ai-engine] < 2.1.5 AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2024-29100 is likely a duplicate of this issue.
Affected versions
max 2.1.5.
Status
vulnerable
Previous vulnerability researches
WP-Appbox (CVE-2025-1489) , Feb 24, 2025
WP-Appbox (b78e4a3b-e432-4968-8b83-125f3bac15cd) , Jun 16, 2026
WP-Appbox (38323495c61fe870f9687d2fb34e8fdaa47f2cea) , Jun 16, 2026
WP-Appbox (cec60394318af09fd303e279df20a93f055a959c) , Jun 16, 2026
WP-Appbox (CVE-2024-12710) , Dec 25, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026