VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 10 known issues Latest disclosed May 07, 2025

AI Puffer – Chat. Create. Automate. (formerly AI Power) Vulnerabilities

Review known vulnerability records for the WordPress plugin AI Puffer – Chat. Create. Automate. (formerly AI Power) (`gpt3-ai-content-generator`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-47470, CVE-2025-0429 and CVE-2025-0428, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
10
High or Critical
4
Patch Coverage
100%
Last Updated
May 12, 2025
Priority CVE Quick Links

Fast paths into AI Puffer – Chat. Create. Automate. (formerly AI Power) CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
10
CVE-2024-10392 Critical 1.8.90
CVE-2024-10392 AI Puffer – Chat. Create. Automate. (formerly AI Power) Remote Code Execution

AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload

CVE-2023-0405 High 1.4.38
CVE-2023-0405 AI Puffer – Chat. Create. Automate. (formerly AI Power) Authorization Bypass

GPT AI Power <= 1.4.37 - Missing Authorization

CVE-2025-0429 High 1.8.97
CVE-2025-0429 AI Puffer – Chat. Create. Automate. (formerly AI Power) Vulnerability

AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms

CVE-2025-0428 High 1.8.97
CVE-2025-0428 AI Puffer – Chat. Create. Automate. (formerly AI Power) Vulnerability

AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts

CVE-2024-37465 Medium 1.8.67
CVE-2024-37465 AI Puffer – Chat. Create. Automate. (formerly AI Power) Stored Cross-Site Scripting

GPT3 AI Content Writer <= 1.8.66 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-13361 Medium 1.8.97
CVE-2024-13361 AI Puffer – Chat. Create. Automate. (formerly AI Power) Vulnerability

AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

CVE-2024-13360 Medium 1.8.97
CVE-2024-13360 AI Puffer – Chat. Create. Automate. (formerly AI Power) Server-Side Request Forgery

AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery

CVE-2023-51527 Medium 1.8.3
CVE-2023-51527 AI Puffer – Chat. Create. Automate. (formerly AI Power) Vulnerability

AI Power: Complete AI Pack – Powered by GPT-4 <= 1.8.1 - Missing Authorization to Sensitive Data Exposure

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for AI Puffer – Chat. Create. Automate. (formerly AI Power) so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
10 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 3 high severity findings.
Recent CVEs
CVE-2025-47470, CVE-2025-0429 and CVE-2025-0428
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for AI Puffer – Chat. Create. Automate. (formerly AI Power)

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-47470
CVE-2025-47470: GPT3 AI Content Writer <= 1.9.14 - Cross-Site Request Forgery

The GPT3 AI Content Writer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.14. This is due to missing or incorrect nonce validation on the wpaicg_generate_custom_prompt() function. This makes it possible for unauthenticated a...

Published
May 07, 2025
Patched Release
1.9.15
Affected Versions
Versions up to 1.9.14
Next Step
Update to 1.9.15 or newer if supported.
Open CVE-2025-47470 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-0429
CVE-2025-0429: AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authentic...

Published
Jan 21, 2025
Patched Release
1.8.97
Affected Versions
Versions up to 1.8.96
Next Step
Update to 1.8.97 or newer if supported.
Open CVE-2025-0429 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-0428
CVE-2025-0428: AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticate...

Published
Jan 21, 2025
Patched Release
1.8.97
Affected Versions
Versions up to 1.8.96
Next Step
Update to 1.8.97 or newer if supported.
Open CVE-2025-0428 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13361
CVE-2024-13361: AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-lev...

Published
Jan 21, 2025
Patched Release
1.8.97
Affected Versions
Versions up to 1.8.96
Next Step
Update to 1.8.97 or newer if supported.
Open CVE-2024-13361 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13360
CVE-2024-13360: AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to m...

Published
Jan 21, 2025
Patched Release
1.8.97
Affected Versions
Versions up to 1.8.96
Next Step
Update to 1.8.97 or newer if supported.
Open CVE-2024-13360 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-10392
CVE-2024-10392: AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbit...

Published
Oct 30, 2024
Patched Release
1.8.90
Affected Versions
Versions up to 1.8.89
Next Step
Update to 1.8.90 or newer if supported.
Open CVE-2024-10392 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-37465
CVE-2024-37465: GPT3 AI Content Writer <= 1.8.66 - Authenticated (Contributor+) Stored Cross-Site Scripting

The GPT3 AI Content Writer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.66 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

Published
Jul 01, 2024
Patched Release
1.8.67
Affected Versions
Versions up to 1.8.66
Next Step
Update to 1.8.67 or newer if supported.
Open CVE-2024-37465 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-51528
CVE-2023-51528: GPT3 AI Content Writer <= 1.8.12 - Cross-Site Request Forgery

The GPT3 AI Content Writer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.12. This is due to missing or incorrect nonce validation on the wpaicg_export_logs_callback() function. This makes it possible for unauthenticated att...

Published
Dec 27, 2023
Patched Release
1.8.13
Affected Versions
Versions up to 1.8.12
Next Step
Update to 1.8.13 or newer if supported.
Open CVE-2023-51528 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-51527
CVE-2023-51527: AI Power: Complete AI Pack – Powered by GPT-4 <= 1.8.1 - Missing Authorization to Sensitive Data Exposure

The AI Power: Complete AI Pack – Powered by GPT-4 plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_export_logs_callback() function in all versions up to, and including, 1.8.2. This makes it possible for unauthenticated atta...

Published
Dec 27, 2023
Patched Release
1.8.3
Affected Versions
Versions up to 1.8.2
Next Step
Update to 1.8.3 or newer if supported.
Open CVE-2023-51527 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-0405
CVE-2023-0405: GPT AI Power <= 1.4.37 - Missing Authorization

The GPT AI Power plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 1.4.37. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to updat...

Published
Jan 19, 2023
Patched Release
1.4.38
Affected Versions
Versions up to 1.4.37
Next Step
Update to 1.4.38 or newer if supported.
Open CVE-2023-0405 Report Open CVE Reference