Server-Side Request Forgery in AI Power: Complete AI Pack Plugin for WordPress
CVE-2024-13360
5.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 22 January 2025
What is CVE-2024-13360?
The AI Power: Complete AI Pack plugin for WordPress contains a Server-Side Request Forgery vulnerability that allows authenticated users with subscriber-level access and above to exploit the wpaicg_troubleshoot_add_vector() function. This vulnerability enables attackers to initiate web requests to arbitrary locations from the web application, potentially allowing them to query and alter sensitive information from internal services. Users are urged to update to the latest version to mitigate this risk.
Affected Version(s)
AI Puffer β Your AI engine for WordPress (formerly AI Power) 0 <= 1.8.96