๐Ÿ” CVE Alert

CVE-2026-12510

UNKNOWN 0.0

AI Engine < 3.5.5 - Subscriber+Chatbot Discussion Disclosure and Takeover via IDOR

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions feature is enabled.

Vendor unknown
Product ai engine
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for unknown ai engine

Be the first to know when new unknown vulnerabilities affecting unknown ai engine are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / AI Engine
0 < 3.5.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/b7825c8a-1817-4a17-b641-076e48ac7c2e/

Credits

Shivamani Vastrala WPScan