CNNVD-202601-4474 Information
CNNVD ID
CNNVD-202601-4474
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
WordPress plugin AI Engine是WordPress基金会的一个插件,可以用来构建智能聊天机器人,创建AI表单,并自动执行任务。 WordPress plugin AI Engine 3.3.2及之前版本存在代码问题漏洞,该漏洞源于get_audio函数存在服务端请求伪造,可能导致查询和修改内部服务信息。
Description (English)
WordPress Plugin AI Engineering is a plugin for the WordPress Foundation to build smart chat robots, create an AI form, and perform tasks automatically. WordPress plugin AI Engineering 3.3.2 and previous versions have a code problem loophole, which stems from the existence of a service-end request for forgery in the Get udio function, which may lead to queries and modifications of internal service information.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
WordPress
Published
2026-01-27
Last Modified
2026-02-24
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/cbba866d-93dd-4ef5-9670-ab958f61f06e?source=cve https://plugins.trac.wordpress.org/browser/ai-engine/tags/3.3.1/classes/engines/chatml.php#L946 https://plugins.trac.wordpress.org/changeset/3447500/ai-engine/trunk/classes/engines/chatml.php https://access.redhat.com/security/cve/cve-2026-0746
Patch
https://wordpress.org/plugins/ai-engine/
Share on: