What the vulnerability does
01Description
Editor Privilege Escalation in AI Engine <= 3.4.9 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Editor Privilege Escalation in AI Engine <= 3.4.9 versions.
Explanation of Vulnerability in Simple Terms
AI Engine versions up to 3.4.9 contain an improper access control vulnerability affecting high-privilege users. An authenticated administrator can read sensitive data, modify site content, or disrupt service availability. The vulnerability requires administrative credentials to exploit and does not affect the broader site scope. Update to a version newer than 3.4.9.
What an attacker can do
Read sensitive data, modify content, or disrupt service availability with admin credentials.
Potential impact on your site
Compromised admin accounts can access confidential information and alter site functionality without additional restrictions.
Conditions required to exploit
Attacker must have administrator-level access to the WordPress site.
Key dates
External resources
Related vulnerabilities