CVE-2026-0746 - Vulnerability Details

- AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery

Description

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services, if "Public API" is enabled in the plugin settings, and 'allow_url_fopen' is set to 'On' on the server.

Published: 2026-01-27

Score: 6.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The AI Engine plugin for WordPress contains a Server‑Side Request Forgery flaw in the get_audio function that allows any authenticated user with Subscriber‑level permissions or higher to issue arbitrary HTTP requests from the web application. An attacker can query and, if the Public API is enabled and the server’s allow_url_fopen is On, potentially modify data on internal services, exposing confidentiality and integrity risks to internal resources and possibly compromising availability if abusive traffic is generated. This weakness is categorized as CWE‑918.

Affected Systems

All versions of the AI Engine – The Chatbot, AI Framework & MCP for WordPress up to and including 3.3.2 are affected. The plugin is distributed by tigroumeow and installed via WordPress’s plugin system.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.4, indicating moderate severity. The EPSS score is below 1 %, implying that, despite the presence of the flaw, the likelihood of exploitation is currently low. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated state, so a compromised or malicious subscriber account can leverage the flaw, but an attacker must first obtain login credentials or otherwise elevate to a role with the necessary permissions.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

tigroumeow

AI Engine – The Chatbot, AI Framework & MCP for WordPress

unaffected

Version	Status	Constraints
`0`	affected	≤ 3.3.2

No data.

Vendor	Product	Confidence	Versions
Wordpress	Wordpress	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest official update for AI Engine (≥ 3.3.3).
Disable the Public API setting in the plugin to block access to internal services.
Set allow_url_fopen to Off in the server’s PHP configuration to prevent outbound requests from the application.

Generated by OpenCVE AI on April 15, 2026 at 19:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://plugins.trac.wordpress.org/browser/ai-engine/tags/3.3.1/classes/engines/chatml.php#L946
https://plugins.trac.wordpress.org/changeset/3447500/ai-engine/trunk/classes/engines/chatml.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/cbba866d-93dd-4ef5-9670-ab958f61f06e?source=cve

History

Wed, 28 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 28 Jan 2026 12:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wordpress Wordpress wordpress
Vendors & Products		Wordpress Wordpress wordpress

Tue, 27 Jan 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services, if "Public API" is enabled in the plugin settings, and 'allow_url_fopen' is set to 'On' on the server.
Title		AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery
Weaknesses		CWE-918
References		https://plugins.trac.wordpress.org/browser/ai-engine/tags/3.3.1/classes/engines/chatml.php#L946 https://plugins.trac.wordpress.org/changeset/3447500/ai-engine/trunk/classes/engines/chatml.php https://www.wordfence.com/threat-intel/vulnerabilities/id/cbba866d-93dd-4ef5-9670-ab958f61f06e?source=cve
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}`

Subscriptions

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2026-01-27T18:27:55.920Z

Updated: 2026-04-08T17:23:35.066Z

Reserved: 2026-01-08T19:06:51.188Z

Link: CVE-2026-0746

Vulnrichment

Updated: 2026-01-28T14:10:41.336Z

NVD

Status : Deferred

Published: 2026-01-27T19:16:13.460

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0746

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T19:15:12Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object