Meowapps: >> Ai Engine >> 2.2.3 Security Vulnerabilities
The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVSS Score
7.2
EPSS Score
0.002
Published
2024-12-12
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.
CVSS Score
4.7
EPSS Score
0.002
Published
2024-09-13
AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php.
CVSS Score
7.2
EPSS Score
0.016
Published
2024-08-19
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-08-01
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63.
CVSS Score
9.1
EPSS Score
0.005
Published
2024-05-14