Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

tigroumeow — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting tigroumeow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by tigroumeow:AI Engine – The Chatbot, AI Framework & MCP for WordPressAI EngineMeow Gallery
CVE IDTitleCVSSSeverityPublished
CVE-2026-1400 AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-434 7.2 High2026-01-28
CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-918 6.4 Medium2026-01-27
CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-918 6.8 Medium2025-11-18
CVE-2025-12844 AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-502 7.1 High2025-11-13
CVE-2025-11749 AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-200 9.8 Critical2025-11-05
CVE-2025-8268 Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-862 6.5 Medium2025-09-03
CVE-2025-7847 AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload — AI EngineCWE-434 8.8 High2025-07-31
CVE-2025-7780 AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-200 6.5 Medium2025-07-24
CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-79 5.4 Medium2025-07-08
CVE-2025-6238 AI Engine 2.8.4 - Insecure OAuth Implementation — AI EngineCWE-601 8.0 High2025-07-04
CVE-2025-5071 AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP — AI EngineCWE-863 8.8 High2025-06-19
CVE-2024-4386 Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Meow GalleryCWE-79 6.4 Medium2024-05-09
CVE-2024-0378 AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-79 6.5 Medium2024-03-02
CVE-2024-0699 AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-434 6.6 Medium2024-02-05

This page lists every published CVE security advisory associated with tigroumeow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.