Vulnerabilities > Aipower > Aipower > 1.8.69
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-22 | CVE-2024-13360 | Server-Side Request Forgery (SSRF) vulnerability in Aipower The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). | 5.4 |
| 2025-01-22 | CVE-2024-13361 | Missing Authorization vulnerability in Aipower The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. | 8.8 |
| 2025-01-22 | CVE-2025-0428 | Deserialization of Untrusted Data vulnerability in Aipower The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. | 7.2 |
| 2025-01-22 | CVE-2025-0429 | Deserialization of Untrusted Data vulnerability in Aipower The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. | 7.2 |