Back to CVE List

CVE-2026-12511

Vulnerability Description

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
AI Engine

External References

Discussion (0)

Add Comment

No comments yet. Be the first!