AI Engine – The Chatbot, AI Framework & MCP for WordPress

Vulnerabilities 27Slug ai-engineLatest version 3.4.7WordPress.org →

Minimum safe version

4.7.8

Update to 4.7.8 or later to address 27 fixable vulnerabilities

Latest available3.4.7 ✗

N/A

2025-11-18< 3.1.9

AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery

Wordfence CVE

Medium 6.5

2025-09-03< 2.9.6

Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion

Wordfence EUVD CVE

N/A

2026-01-27< 3.3.3

AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery

Wordfence CVE

N/A

2026-01-27< 3.3.3

AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint

Wordfence CVE

Critical 9.1

2026-03-05< 3.3.3

CVE-2026-23802

CVE Wordfence

High 7.1

2025-11-13< 3.1.9

CVE-2025-12844

CVE Wordfence

Critical 9.8

2025-11-05< 3.1.4

CVE-2025-11749

CVE Wordfence

High 8.8

2025-07-31≥ 2.9.3 and < 2.9.5

AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

EUVD Wordfence CVE

Medium 6.5

2025-07-24< 2.9.5

AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

EUVD Wordfence CVE

Medium 5.4

2025-07-08< 2.8.5

AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter

EUVD Wordfence CVE

High 8.0

2025-07-04< 2.8.5

AI Engine 2.8.4 - Insecure OAuth Implementation

EUVD Wordfence CVE

High 8.8

2025-06-18≥ 2.8.0 and < 2.8.4

AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP

Wordfence CVE

High 7.2

2024-12-12< 2.6.5

CVE-2024-10499

CVE Patchstack Wordfence

Medium 4.7

2024-09-13< 2.4.8

CVE-2024-6723

CVE Patchstack Wordfence

High 7.2

2024-08-19< 2.5.1

CVE-2024-6451

CVE Patchstack Wordfence

High 7.1

2024-08-01< 2.4.8

CVE-2024-38791

CVE Patchstack Wordfence

High 7.2

2024-05-13< 2.2.70

CVE-2024-34440

CVE Patchstack Wordfence

Medium 6.8

2024-03-28< 2.1.5

CVE-2024-29090

CVE Wordfence Patchstack

Critical 9.1

2024-03-28< 2.1.5

CVE-2024-29100

CVE Patchstack

Medium 6.1

2024-03-02< 2.2.1

CVE-2024-0378

CVE Wordfence Patchstack WPScan

High 7.2

2024-02-05< 2.1.5

CVE-2024-0699

CVE Patchstack WPScan

N/A

2024-01-18< 2.1.5

AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url

Wordfence

Critical 10.0

2024-04-12< 1.9.99

CVE-2023-51409

CVE Patchstack Wordfence WPScan

Medium 4.8

2023-09-04< 4.7.8

CVE-2023-4253

CVE Patchstack

Medium 4.8

2023-06-27< 1.6.83

CVE-2023-2580

CVE WPScan

N/A

2023-05-19< 1.6.83

WordPress AI Engine: ChatGPT Chatbot Plugin < 1.6.83 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2023-05-19< 1.6.83

AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable <= 1.6.82 - Authenticated (Admin+) Stored Cross-Site Scripting

Wordfence