AVID-2026-R1212
Description
AI-Engine < 1.6.83 - Admin+ Stored XSS (CVE-2023-2580)
Details
The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
Reason for inclusion in AVID: The CVE concerns the AI Engine WordPress plugin (an AI-related component used to deliver AI capabilities) with a stored XSS vulnerability in its admin settings. The plugin is a software supply-chain component used to build and run AI-enabled functionality on websites, so this is a vulnerability in the AI stack (plugin/dependency). It is a CVE-style security vulnerability with public references (NVD/WPScan) that provide sufficient signals.
References
Affected or Relevant Artifacts
- Developer: OpenAI
- Deployer: OpenAI
- Artifact Details:
| Type | Name |
|---|---|
| System | AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-06-27
- Version: 0.3.3
- AVID Entry