Vulnerabilities > Meowapps > AI Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-6723 | SQL Injection vulnerability in Meowapps AI Engine The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions. | 4.7 |
| 2024-02-05 | CVE-2024-0699 | Unrestricted Upload of File with Dangerous Type vulnerability in Meowapps AI Engine The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. | 7.2 |
| 2023-06-27 | CVE-2023-2580 | Unspecified vulnerability in Meowapps AI Engine The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 4.8 |