汇总 coderevolution 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 跨站脚本与输入验证问题,在 生产负载与软件部署 使用场景中可能带来 会话劫持与异常行为 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-6206 | The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. In order to ex | [email protected] | 7.5 | 0.45% | 2025-06-24 | 2025-08-13 |
| CVE-2024-13882 | The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_generate_featured_image' function in all versions up to, and including, 2.3.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | [email protected] | 8.8 | 0.68% | 2025-03-08 | 2025-03-13 |
| CVE-2024-13816 | The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, dele | [email protected] | 5.4 | 0.22% | 2025-03-08 | 2025-03-24 |
| CVE-2024-51681 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs wp-pocket-urls allows Stored XSS.This issue affects WP Pocket URLs: from n/a through <= 1.0.3. | [email protected] | 6.5 | 0.29% | 2024-11-04 | 2026-04-23 |
| CVE-2024-9265 | The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator. | [email protected] | 9.8 | 0.60% | 2024-10-01 | 2024-10-07 |
| CVE-2024-5969 | The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. | [email protected] | 5.8 | 0.35% | 2024-07-27 | 2025-08-08 |
| CVE-2024-34435 | Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3. | [email protected] | 4.3 | 0.32% | 2024-06-09 | 2024-11-26 |
| CVE-2023-49176 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2. | [email protected] | 7.1 | 0.40% | 2023-12-15 | 2026-04-28 |