CVE-2026-12510
Vulnerability Description
The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions feature is enabled.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
AI Engine
Discussion (0)
Add Comment
No comments yet. Be the first!