Home » Database

AVID-2026-R1666

Description

WordPress Salvador – AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability (CVE-2025-23954)

Details

Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11.

Reason for inclusion in AVID: CVE-2025-23954 concerns a WordPress plugin (Salvador – AI Image Generator) that provides AI image generation capabilities. It describes a broken access control (missing authorization) vulnerability in a component used to deliver AI-enabled functionality, which is directly related to AI tooling/utilities and could affect AI workflows deployed via WordPress. This falls under a software supply chain issue for AI systems since the plugin is a software component in AI image generation pipelines and can impact the security of AI deployments. The report provides CVE details, CWE-862, and CVSS data, offering clear evidence of a vulnerability.

References

Affected or Relevant Artifacts

  • Developer: AWcode & KingfisherFox
  • Deployer: AWcode & KingfisherFox
  • Artifact Details:
TypeName
SystemSalvador – AI Image Generator

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score4.3
Base Severity🟠 Medium
Attack VectorNETWORK
Attack Complexity🟢 Low
Privileges Required🟢 Low
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity Impact🟢 Low
Availability ImpactNONE

CWE

IDDescription
CWE-862CWE-862 Missing Authorization

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2025-01-16
  • Version: 0.3.3
  • AVID Entry