CVE-2026-12511
Vulnerability Description
The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
AI Engine
Discussion (0)
Add Comment
No comments yet. Be the first!