AI Component

Plugin

Plugin and tool vulnerabilities affect the external integrations that extend AI systems — browser tools, code interpreters, API connectors, and file system access in agent frameworks.

123

Total CVEs

Pages

Page 2 of 7

Current

Severity	CVE	Headline	Package	CVSS
MEDIUM	CVE-2025-6716	Contest Gallery WP Plugin: Stored XSS in OpenAI integration		6.4
MEDIUM	CVE-2025-7780	WordPress AI Engine: SSRF leaks files via OpenAI API		6.5
MEDIUM	CVE-2025-54558	OpenAI Codex CLI: sandbox bypass via ripgrep flag abuse		4.1
HIGH	CVE-2025-7725	WP Contest Gallery: Stored XSS exposes OpenAI API creds		7.2
MEDIUM	CVE-2025-60511	Moodle: IDOR enables unauthorized data access		4.3
MEDIUM	CVE-2025-12360	Better: security flaw enables exploitation		4.3
MEDIUM	CVE-2025-11972	AI component: SQL Injection exposes database		4.9
MEDIUM	CVE-2025-12732	AI component: Info Disclosure leaks sensitive data		4.3
HIGH	CVE-2025-12973	AI component: Arbitrary File Upload enables RCE		7.2
MEDIUM	CVE-2025-13354	taxopress: Missing Auth allows unauthorized operations		4.3
MEDIUM	CVE-2025-13359	taxopress: SQL Injection exposes database		6.5
MEDIUM	CVE-2025-13922	AI component: SQL Injection exposes database		6.5
MEDIUM	CVE-2025-14371	AI component: Missing Auth allows unauthorized operations		4.3
MEDIUM	CVE-2025-14980	BetterDocs: Info Disclosure leaks sensitive data		6.5
UNKNOWN	CVE-2024-10950	gpt_academic: RCE via unsandboxed prompt injection	gpt_academic	-
HIGH	CVE-2025-66404	mcp-server-kubernetes: Command Injection enables RCE		8.8
LOW	CVE-2026-24764	OpenClaw: indirect prompt injection via Slack metadata	openclaw	3.7
HIGH	CVE-2026-26321	OpenClaw: path traversal enables local file exfiltration	openclaw	7.5
CRITICAL	CVE-2026-2654	smolagents: SSRF allows internal network access	smolagents	9.8
MEDIUM	CVE-2021-28796	Qiita::Markdown: XSS in transformer components		6.1

Page 2 of 7

Previous Next

Related AI Components

Framework API Agent Model Inference Training Data

Plugin

Related AI Components

Weekly CISO Take + top threats