{"data":{"id":"b5cd9483-965b-43a5-99a1-590e1c5efcce","title":"CVE-2025-7780: The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,","summary":"The AI Engine WordPress plugin (a tool that adds AI features to WordPress websites) has a security flaw in versions up to 2.9.4 where the simpleTranscribeAudio endpoint (a connection point for audio transcription) fails to check what types of file locations are allowed before accessing files. This allows attackers with basic user access to read any file on the web server and steal it through the plugin's OpenAI integration (connection to OpenAI's service).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-7780","publishedAt":"2025-07-24T14:15:28.603Z","cveId":"CVE-2025-7780","cweIds":["CWE-200"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00054,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}