Open Redirect Vulnerability in AI Engine Plugin for WordPress
CVE-2025-6238

8 HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
4 July 2025

What is CVE-2025-6238?

The AI Engine plugin for WordPress contains an open redirect vulnerability in version 2.8.4 caused by an insecure OAuth implementation. The 'redirect_uri' parameter is not validated during the authorization process, which allows unauthenticated attackers to redirect users to malicious URIs. The redirect can lead to the interception of authorization codes, which in turn enables unauthorized retrieval of access tokens. Users should upgrade to version 2.8.5, in which the problematic OAuth class is not loaded, mitigating this vulnerability.
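
The check whose absence is described above, shown as an added example (this is not the AI Engine plugin's code and does not come from the advisory): an authorization endpoint that compares 'redirect_uri' by exact match against the URIs registered for the client and refuses the request without redirecting when it does not match. The client id, the URIs and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed registry: client id and callback URI are hypothetical.
const REGISTERED_REDIRECTS = [
    'example-client' => ['https://app.example.com/oauth/callback'],
];

/** Returns the URI to redirect to, or null when the request must be refused. */
function resolve_redirect_uri(string $clientId, ?string $requested): ?string
{
    $registered = REGISTERED_REDIRECTS[$clientId] ?? null;
    if ($registered === null) {
        return null; // unknown client: never redirect
    }
    if ($requested === null || $requested === '') {
        // An omitted redirect_uri is unambiguous only with one registered URI.
        return count($registered) === 1 ? $registered[0] : null;
    }
    // Exact string comparison; no prefix, substring or host-only matching.
    return in_array($requested, $registered, true) ? $requested : null;
}

/** Builds the authorization response; the code is attached only after the check. */
function authorization_response(string $clientId, ?string $requested, string $code, string $state): array
{
    $target = resolve_redirect_uri($clientId, $requested);
    if ($target === null) {
        // Render the error on the authorization server itself, with no Location header.
        return ['status' => 400, 'body' => 'invalid_request: redirect_uri not registered'];
    }
    $separator = parse_url($target, PHP_URL_QUERY) === null ? '?' : '&';
    return [
        'status'   => 302,
        'location' => $target . $separator . http_build_query(['code' => $code, 'state' => $state]),
    ];
}

// Constructed requests: one registered URI, two that must be refused.
$samples = [
    'https://app.example.com/oauth/callback',
    'https://app.example.com/oauth/callback/../other',
    'https://untrusted.example/collect',
];
foreach ($samples as $uri) {
    $response = authorization_response('example-client', $uri, 'constructed-code', 'constructed-state');
    echo $uri, ' => ', $response['status'], ' ', $response['location'] ?? $response['body'], PHP_EOL;
}
```

Only the first constructed request yields a 302 with the code attached; the other two receive a 400 rendered by the authorization server, so no authorization code leaves for an unregistered URI.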

Affected Version(s)

AI Engine 2.8.4

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published