Skip to main content

Aiomatic

5 CVEs product

Monthly

CVE-2025-6206 HIGH This Week

The Aiomatic WordPress plugin (versions ≤2.5.0) contains an arbitrary file upload vulnerability in the 'aiomatic_image_editor_ajax_submit' AJAX function due to missing file type validation, allowing authenticated Subscriber-level users to upload malicious files and potentially achieve remote code execution. Exploitation requires a valid (though arbitrary) Stability.AI API key to be configured. This is a high-impact vulnerability affecting WordPress sites using this plugin, with CVSS 7.5 reflecting the combination of high confidentiality/integrity/authentication bypass risk despite high attack complexity.

WordPress RCE Aiomatic PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-13882 HIGH This Week

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload Aiomatic
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-13816 MEDIUM This Month

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Aiomatic
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-5969 MEDIUM This Month

The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Aiomatic
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34435 HIGH This Week

Missing Authorization vulnerability in CodeRevolution Aiomatic.9.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aiomatic
NVD
CVSS 3.1
8.8
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

The Aiomatic WordPress plugin (versions ≤2.5.0) contains an arbitrary file upload vulnerability in the 'aiomatic_image_editor_ajax_submit' AJAX function due to missing file type validation, allowing authenticated Subscriber-level users to upload malicious files and potentially achieve remote code execution. Exploitation requires a valid (though arbitrary) Stability.AI API key to be configured. This is a high-impact vulnerability affecting WordPress sites using this plugin, with CVSS 7.5 reflecting the combination of high confidentiality/integrity/authentication bypass risk despite high attack complexity.

WordPress RCE Aiomatic +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Aiomatic
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Aiomatic
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in CodeRevolution Aiomatic.9.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aiomatic
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy