Salvador – AI Image Generator <= 1.0.11 - Missing Authorization

• 23 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

EntreBase Advisory: The Salvador – AI Image Generator plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Read more about this vulnerability: https://www.wordfence.com/threat-intel/vulnerabilities/id/f42c6462-9206-460c-94c0-859306886c88?source=api-prod