WordPress Plugin Vulnerabilities

AI Power: Complete AI Pack < 1.8.90 - Unauthenticated Arbitrary File Upload

Description

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
gpt3-ai-content-generator
Fixed in 1.8.90

References

CVE
CVE-2024-10392
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/cd8a45c9-ca48-4ea6-b34e-f05206f16155

Miscellaneous

Original Researcher
vgo0
Verified
No
WPVDB ID
5a36bd36-f57a-48fd-ab79-2243371f0d44

Timeline

Publicly Published
2024-10-30 (about 1 year ago)
Added
2024-10-30 (about 1 year ago)
Last Updated
2024-10-31 (about 1 year ago)

Other

Published
Title
Published
2026-04-06
Title
Ninja Forms - File Upload < 3.3.27 - Unauthenticated Arbitrary File Upload
Published
2025-12-01
Title
SureMail < 1.9.1 - Unauthenticated Arbitrary File Upload
Published
2013-11-29
Title
OptimizePress Theme < 1.6 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
dagda - Custom Background Shell Upload
Published
2025-11-17
Title
Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload