WordPress AI Power: Complete AI Pack Plugin Security Update Advisory (CVE-2024-10392)

Nov 04 2024

Overview

An update has been released to address vulnerabilities in WordPress AI Power: Complete AI Pack Plugin. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-10392

AI Power: Complete AI Pack versions: ~ 1.8.89 (inclusive)

Resolved Vulnerabilities

Vulnerability in the ‘handle_image_upload’ function in the AI Power: Complete AI Pack plugin for WordPress due to lack of file type validation, which allows unauthenticated attackers to upload arbitrary files and possibly cause remote code execution (CVE-2024-10392)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-10392

AI Power: Complete AI Pack version: 1.8.90

Referenced Sites

[1] CVE-2024-10392 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-10392

[2] AI Power: Complete AI Pack <= 1.8.89 – Unauthenticated Arbitrary File Upload

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/gpt3-ai-content-generator/ai-power-complete-ai-pack-1889-unauthenticated-arbitrary-file-upload

WordPress AI Power: Complete AI Pack Plugin Security Update Advisory (CVE-2024-10392)

Google Chrome Browser (130.0.6723.91/.92) Security Update Advisory

ServiceNow Now Platform Security Update Advisory (CVE-2024-8923)

Tags:

Google Chrome Browser (130.0.6723.91/.92) Security Update Advisory

ServiceNow Now Platform Security Update Advisory (CVE-2024-8923)