The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.
Metrics
Affected Vendors & Products
References
History
Wed, 03 Sep 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 03 Sep 2025 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users. | |
Title | Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion | |
Weaknesses | CWE-862 | |
References |
|
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-09-03T20:47:15.585Z
Reserved: 2025-07-27T14:53:48.378Z
Link: CVE-2025-8268

Updated: 2025-09-03T20:47:10.761Z

Status : Received
Published: 2025-09-03T21:15:33.357
Modified: 2025-09-03T21:15:33.357
Link: CVE-2025-8268

No data.

No data.