Home

Description

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal.

PUBLISHED Reserved 2026-06-17 | Published 2026-07-14 | Updated 2026-07-14 | Assigner WPScan

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

Any version before 3.5.5
affected

Credits

Meher Sudhakar Abbireddi finder

WPScan coordinator

References

wpscan.com/...rability/cf3cf59e-da36-429b-8794-5a46587e8462/ exploit vdb-entry technical-description

cve.org (CVE-2026-12511)

nvd.nist.gov (CVE-2026-12511)

Download JSON