AI Threat Alert
AI Component
Plugin
Plugin and tool vulnerabilities affect the external integrations that extend AI systems — browser tools, code interpreters, API connectors, and file system access in agent frameworks.
111
Total CVEs
6
Pages
Page 1 of 6
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2026-2492 | TensorFlow: security flaw enables exploitation | - | |
| MEDIUM | CVE-2026-2589 | Greenshift: Info Disclosure leaks sensitive data | 5.3 | |
| CRITICAL | CVE-2026-28451 | OpenClaw: SSRF via Feishu extension exposes internal services | openclaw | 9.3 |
| CRITICAL | CVE-2026-30821 | flowise: Arbitrary File Upload enables RCE | flowise | 9.8 |
| CRITICAL | CVE-2023-34540 | LangChain: RCE via JiraAPIWrapper crafted input | langchain | 9.8 |
| CRITICAL | CVE-2023-39659 | LangChain: RCE via unsanitized PythonAstREPL input | langchain | 9.8 |
| CRITICAL | CVE-2023-39631 | LangChain: RCE via numexpr evaluate injection | langchain | 9.8 |
| CRITICAL | CVE-2025-46059 | LangChain GmailToolkit: indirect prompt injection to RCE | 9.8 | |
| MEDIUM | CVE-2023-1651 | AI ChatBot WP: auth bypass exposes OpenAI config + XSS | wpbot | 5.4 |
| MEDIUM | CVE-2024-0451 | wpbot: missing auth exposes OpenAI account files | wpbot | 5.0 |
| HIGH | CVE-2024-0452 | WordPress AI ChatBot: auth bypass enables OpenAI file upload | wpbot | 7.7 |
| HIGH | CVE-2024-0453 | WordPress ChatBot: missing authz deletes OpenAI files | wpbot | 7.7 |
| MEDIUM | CVE-2024-4858 | WP Testimonial Carousel: OpenAI API key hijack, no auth | 5.3 | |
| MEDIUM | CVE-2024-6845 | ChatGPT WP Plugin: OpenAI API key leak via unauth REST | 5.3 | |
| HIGH | CVE-2024-7714 | AYS ChatGPT WP Plugin: auth bypass disables AI service | 7.5 | |
| CRITICAL | CVE-2024-52384 | Sage AI Plugin: unrestricted upload → web shell RCE | 9.9 | |
| MEDIUM | CVE-2024-11896 | WP Text Prompter: Stored XSS in OpenAI shortcode plugin | 6.4 | |
| MEDIUM | CVE-2024-13698 | Jobify WP: missing authz allows OpenAI key abuse, SSRF | 6.5 | |
| MEDIUM | CVE-2025-31843 | OpenAI WP Plugin: broken access control on AI settings | 4.3 | |
| HIGH | CVE-2025-5018 | Hive Support WP: OpenAI key theft + prompt hijack | 7.1 |
Page 1 of 6