Vulnerabilities > CVE-2024-13360 - Server-Side Request Forgery (SSRF) vulnerability in Aipower

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
aipower
CWE-918
NVD
Published: 2025-01-22
Updated: 2025-01-24

Summary

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Vulnerable Configurations

Part Description Count
Application
Aipower
475

Common Weakness Enumeration (CWE)

References