๐Ÿ” CVE Alert

CVE-2026-12511

HIGH 8.1

AI Engine < 3.5.5 - Editor+ Arbitrary File Write via Path Traversal

CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal.

Vendor unknown
Product ai engine
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for unknown ai engine

Be the first to know when new high vulnerabilities affecting unknown ai engine are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / AI Engine
0 < 3.5.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/cf3cf59e-da36-429b-8794-5a46587e8462/

Credits

Meher Sudhakar Abbireddi WPScan