The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.
History

Wed, 03 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 20:45:00 +0000

Type Values Removed Values Added
Description The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.
Title Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2025-09-03T20:47:15.585Z

Reserved: 2025-07-27T14:53:48.378Z

Link: CVE-2025-8268

cve-icon Vulnrichment

Updated: 2025-09-03T20:47:10.761Z

cve-icon NVD

Status : Received

Published: 2025-09-03T21:15:33.357

Modified: 2025-09-03T21:15:33.357

Link: CVE-2025-8268

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.