Server-Side Request Forgery in AI Power: Complete AI Pack Plugin for WordPress
CVE-2024-13360

5.4MEDIUM

What is CVE-2024-13360?

The AI Power: Complete AI Pack plugin for WordPress contains a Server-Side Request Forgery vulnerability that allows authenticated users with subscriber-level access and above to exploit the wpaicg_troubleshoot_add_vector() function. This vulnerability enables attackers to initiate web requests to arbitrary locations from the web application, potentially allowing them to query and alter sensitive information from internal services. Users are urged to update to the latest version to mitigate this risk.

Affected Version(s)

AI Puffer – Your AI engine for WordPress (formerly AI Power) 0 <= 1.8.96

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Khayal Farzaliyev
.