CVE-2026-12511
AI Engine < 3.5.5 - Editor+ Arbitrary File Write via Path Traversal
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th
The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal.
| Vendor | unknown |
| Product | ai engine |
| Published | Jul 14, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown ai engine
Be the first to know when new high vulnerabilities affecting unknown ai engine are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / AI Engine
0 < 3.5.5
References
Credits
Meher Sudhakar Abbireddi WPScan