Unauthenticated Remote Code Execution Vulnerability in AI Power Complete AI Pack plugin for WordPress
CVE-2024-10392
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 31 October 2024
What is CVE-2024-10392?
The AI Power: Complete AI Pack plugin for WordPress is susceptible to an arbitrary file upload vulnerability due to insufficient validation of file types in the 'handle_image_upload' function. This flaw affects all versions of the plugin up to and including version 1.8.89. Attackers without authentication can exploit this vulnerability to upload arbitrary files to the server, potentially leading to remote code execution. This poses a significant risk for users of the affected plugin and highlights the necessity for vigilant security measures, including timely updates and security practices.
Affected Version(s)
AI Puffer β Your AI engine for WordPress (formerly AI Power) 0 <= 1.8.89
References
EPSS Score
13% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved