Aiomatic
The Aiomatic WordPress plugin (versions ≤2.5.0) contains an arbitrary file upload vulnerability in the 'aiomatic_image_editor_ajax_submit' AJAX function due to missing file type validation, allowing authenticated Subscriber-level users to upload malicious files and potentially achieve remote code execution. Exploitation requires a valid (though arbitrary) Stability.AI API key to be configured. This is a high-impact vulnerability affecting WordPress sites using this plugin, with CVSS 7.5 reflecting the combination of high confidentiality/integrity/authentication bypass risk despite high attack complexity.
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.