Vulnerability history

Authenticated (Subscriber+) Privilege Escalation vulnerability

Arbitrary File Upload vulnerability

Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated (Editor+) Server-Side Request Forgery vulnerability

Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization vulnerability

Unauthenticated Sensitive Information Exposure to Privilege Escalation vulnerability

Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion vulnerability

Authenticated (Subscriber+) Arbitrary File Upload

Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter vulnerability

Insecure OAuth Implementation vulnerability

Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP vulnerability

Admin+ SQLi vulnerability

Admin+ SQLi vulnerability

Admin+ RCE vulnerability

Server Side Request Forgery (SSRF) vulnerability

Arbitrary File Upload vulnerability

Server Side Request Forgery (SSRF) vulnerability

Arbitrary File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability

Authenticated (Editor+) Arbitrary File Upload via add_image_from_url vulnerability

Unauthenticated Arbitrary File Upload vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability