Back to CVE List

CVE-2026-12510

Vulnerability Description

The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions feature is enabled.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
AI Engine

External References

Discussion (0)

Add Comment

No comments yet. Be the first!