Log out
Get PRO

Latest

Input validation vulnerability in AI Engine 2.6.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 21, 2024

The AI Engine plugin for WordPress is at risk of being hacked through a vulnerability called SQL Injection. This is because it does not properly protect the ‘value’ parameter, which is a piece of information given by the user, and the existing SQL query is not prepared enough. This means that someone who has been authorized as an Administrator or above can add extra SQL queries to ones that already exist, and use them to get private information from the database.

Detected in:

AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable fixed vulnerable versions: >= * <= 2.6.3

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.