2.9.4 Authenticated (Subscriber+) Arbitrary File Upload
30 July, 2025
Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions vulnerability
23 July, 2025
Authenticated (Subscriber+) Stored CrossSite Scripting via `mwai_chatbot` Shortcode `id` Parameter vulnerability
7 July, 2025
Insecure OAuth Implementation vulnerability
3 July, 2025
Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP vulnerability
19 June, 2025