{"id":3719,"date":"2025-08-01T03:40:52","date_gmt":"2025-08-01T03:40:52","guid":{"rendered":"https:\/\/www.stanventures.com\/news\/?p=3719"},"modified":"2025-11-05T09:23:55","modified_gmt":"2025-11-05T09:23:55","slug":"ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/","title":{"rendered":"AI Engine, WooCommerce, and Wix Hit by Critical Vulnerabilities"},"content":{"rendered":"<p data-start=\"314\" data-end=\"455\">A critical security flaw has been found in the popular AI Engine plugin for WordPress \u2014 currently active on more than 100,000 websites.<\/p>\n<p data-start=\"457\" data-end=\"566\">This marks the fifth vulnerability reported in the plugin this year, and the fourth one just in July.<\/p>\n<p data-start=\"568\" data-end=\"693\">What makes this worse?<\/p>\n<p data-start=\"568\" data-end=\"693\">Even low-level users with subscriber access can upload malicious files directly to the server.<\/p>\n<p data-start=\"695\" data-end=\"801\">If you\u2019re using this plugin to power AI features on your WordPress site, this one\u2019s too close for comfort.<\/p>\n<p data-start=\"803\" data-end=\"829\">But it doesn\u2019t stop there.<\/p>\n<p data-start=\"831\" data-end=\"1060\">A separate vulnerability has now been flagged in Customer Reviews for WooCommerce, another widely used plugin running on over 80,000 eCommerce sites. 
This one leaves them open to stored cross-site scripting (XSS) attacks.<\/p>\n<p data-start=\"1062\" data-end=\"1271\">And if you\u2019re thinking, \u201cI don\u2019t use WordPress, so I\u2019m good\u201d\u2014think again.<\/p>\n<p data-start=\"1062\" data-end=\"1271\">Wix just faced a major authentication flaw through its Base44 platform, exposing serious risks even in enterprise-grade apps.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ai-engine-plugin-vulnerability-exposes-100000-wordpress-sites\"><\/span><b>AI Engine Plugin Vulnerability Exposes 100,000+ WordPress Sites<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In what\u2019s become an unsettlingly frequent occurrence, the AI Engine WordPress plugin installed on over 100,000 sites was found to harbor its fifth major vulnerability this year, and the fourth one just this July.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3720\" title=\"AI Engine Plugin Vulnerability\" src=\"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/AI-Engine-Plugin-Vulnerability.png\" alt=\"AI Engine Plugin Vulnerability\" width=\"612\" height=\"296\" srcset=\"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/AI-Engine-Plugin-Vulnerability.png 612w, https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/AI-Engine-Plugin-Vulnerability-300x145.png 300w\" sizes=\"auto, (max-width: 612px) 100vw, 612px\" \/><\/p>\n<p>This time, the flaw allows subscriber-level users, usually the lowest tier of access on a 
site, to upload arbitrary files via the REST API, a vector that could potentially lead to remote code execution.<\/p>\n<p>How bad is it?<\/p>\n<p>CVSS Score: 8.8\/10 \u2014 high severity.<\/p>\n<h3><b>The underlying issue?<\/b><\/h3>\n<p>Missing file type validation in versions 2.9.3 and 2.9.4 of the plugin. When WordPress allows file uploads, it usually validates the type of the file against its content and extension.<\/p>\n<p>But here, that step was skipped, making it dangerously easy for attackers to upload PHP files disguised as legitimate content.<\/p>\n<p>Imagine that a seemingly harmless subscriber uploads a corrupted audio file or image. In the backend, it is not just a file but a backdoor script.<\/p>\n<p>Here is what <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/ai-engine\/ai-engine-293-294-authenticated-subscriber-arbitrary-file-upload\">Wordfence said<\/a> in its advisory:<\/p>\n<p>\u201cThis makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site\u2019s server when the REST API is enabled, which may make remote code execution possible.\u201d<\/p>\n<p>This is not just theoretical.<\/p>\n<p>The plugin had nine vulnerabilities discovered in 2024, including one rated 9.8, which allowed unauthenticated file uploads, and another rated 9.1.<\/p>\n<p>This new flaw adds to a growing list that is beginning to concern developers and security experts alike.<\/p>\n<p>The plugin\u2019s developer acted swiftly by releasing version 2.9.5, where changes include:<\/p>\n<ul>\n<li style=\"font-weight: 400;\">Fixing a server-side request forgery (SSRF) issue in audio transcription.<\/li>\n<li style=\"font-weight: 400;\">Sanitizing REST API parameters to prevent API key misuse.<\/li>\n<li style=\"font-weight: 400;\">Adding strict file type validation to eliminate arbitrary file uploads.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" 
id=\"woocommerce-plugin-flaw-affects-80000-sites-%e2%80%93-unauthenticated-stored-xss\"><\/span><b>WooCommerce Plugin Flaw Affects 80,000 Sites \u2013 Unauthenticated Stored XSS<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>And just as WordPress developers were patching AI Engine, another alert came in, this time from the Customer Reviews for WooCommerce plugin, active on more than 80,000 websites.<\/p>\n<p>This vulnerability is classified as Stored Cross-Site Scripting (XSS). It allows attackers to insert malicious scripts into pages, which then execute every time a user (admin, buyer or site visitor) opens that page.<\/p>\n<p>And here is the important thing to understand: no authentication is required. Literally anyone with access to the plugin\u2019s frontend could exploit it.<\/p>\n<p>The flaw lies in the \u2018author\u2019 parameter of the plugin\u2019s review submission form, which failed to properly sanitize input and escape output, basic but critical security steps.<\/p>\n<p>From the Wordfence team:<\/p>\n<p>\u201cThe plugin is vulnerable to Stored Cross-Site Scripting via the \u2018author\u2019 parameter in all versions up to, and including, 5.80.2.<\/p>\n<p>This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\u201d<\/p>\n<p>Again, this is the kind of vulnerability that leads to site defacement, data theft or malicious redirects. A single review form field becomes a gateway for attackers to embed JavaScript that logs keystrokes or redirects users to phishing sites.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"wixs-base44-platform-exposes-enterprise-level-vulnerability\"><\/span><b>Wix\u2019s Base44 Platform Exposes Enterprise-Level Vulnerability<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Now, let\u2019s take this beyond WordPress. 
The folks at Wiz Security recently discovered a critical flaw in <a href=\"https:\/\/www.stanventures.com\/news\/wix-unveils-ai-visibility-overview-for-smarter-search-optimization-3615\/\">Wix\u2019s Base44<\/a> vibe coding platform, which had the potential to bypass authentication systems across enterprise-grade apps.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3721\" title=\"Wix\u2019s Base44 Platform Exposes Enterprise Level Vulnerability\" src=\"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/Wixs-Base44-Platform-Exposes-Enterprise-Level-Vulnerability.jpg\" alt=\"Wix\u2019s Base44 Platform Exposes Enterprise Level Vulnerability\" width=\"1224\" height=\"920\" srcset=\"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/Wixs-Base44-Platform-Exposes-Enterprise-Level-Vulnerability.jpg 1224w, https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/Wixs-Base44-Platform-Exposes-Enterprise-Level-Vulnerability-300x225.jpg 300w, https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/Wixs-Base44-Platform-Exposes-Enterprise-Level-Vulnerability-1024x770.jpg 1024w\" sizes=\"auto, (max-width: 1224px) 100vw, 1224px\" \/><\/p>\n<p>Let that sink in.<\/p>\n<p>Wix, known for its secure and scalable web development offerings, found itself in hot water when application IDs (app_id), supposed to be secret, were exposed in public-facing URLs and manifest files.<\/p>\n<p>This exposure allowed attackers to:<\/p>\n<ol>\n<li style=\"font-weight: 400;\">Identify a valid app_id from a public link.<\/li>\n<li style=\"font-weight: 400;\">Use tools like <a href=\"https:\/\/swagger.io\/tools\/swagger-ui\/\">Swagger-UI<\/a> to simulate user registration, even on apps with registration disabled.<\/li>\n<li style=\"font-weight: 400;\">Receive an OTP via email.<\/li>\n<li style=\"font-weight: 400;\">Log in and gain full access via the app\u2019s SSO flow.<\/li>\n<\/ol>\n<p>The applications 
affected were not toy apps either.<\/p>\n<p>Many were used for internal operations like HR management, knowledge bases or employee chat systems, all of which handle personally identifiable information (PII) daily.<\/p>\n<p>Wiz put it bluntly:<br \/>\n\u201cWhat made this vulnerability particularly concerning was its simplicity which required only basic API knowledge to exploit.\u201d<\/p>\n<p>The implication? Systemic ecosystem-level risks from platforms moving too fast and skipping deep security validation.<\/p>\n<p>Wix did respond quickly, patching the issue within 24 hours. But the discovery raises an important question:<\/p>\n<p>If the manifest.json file publicly revealed the app_id, and it was that easy to spot with basic reconnaissance techniques, why hadn\u2019t it been caught in earlier security audits?<\/p>\n<p>Wiz didn\u2019t hold back:<\/p>\n<p>\u201cThis low barrier to entry meant attackers could systematically compromise multiple applications across the platform with minimal technical sophistication.\u201d<\/p>\n<h2><span class=\"ez-toc-section\" id=\"what-is-the-real-threat-here\"><\/span><b>What is The Real Threat Here?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We are seeing a pattern, and one that does not end at WordPress or Wix. 
It is part of a broader issue.<\/p>\n<ul>\n<li style=\"font-weight: 400;\">AI integrations are expanding rapidly.<\/li>\n<li style=\"font-weight: 400;\">Low-code\/no-code platforms are empowering users but sometimes at the <a href=\"https:\/\/www.stanventures.com\/industries\/cybersecurity-seo\/\">expense of cybersecurity<\/a>.<\/li>\n<li style=\"font-weight: 400;\">Security measures like file validation, sanitization and hidden keys are being skipped or overlooked.<\/li>\n<\/ul>\n<p>When subscriber-level access, or even no access, is enough to exploit a vulnerability, traditional security models begin to falter.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"takeaways-for-developers-site-owners-and-enterprises\"><\/span><b>Takeaways for Developers, Site Owners and Enterprises<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ol>\n<li style=\"font-weight: 400;\"><b>Update Immediately<\/b>: If you are using AI Engine, upgrade to version 2.9.5. If you&#8217;re on WooCommerce Reviews, upgrade past 5.80.2.<\/li>\n<li style=\"font-weight: 400;\"><b>Audit Regularly<\/b>: Don\u2019t wait for public disclosures. 
Conduct security audits even for plugins and apps you trust.<\/li>\n<li style=\"font-weight: 400;\"><b>Avoid Complacency with Access Controls<\/b>: Don\u2019t assume subscriber-level users pose no threat.<\/li>\n<li style=\"font-weight: 400;\"><b>Inspect Public URLs<\/b>: If sensitive identifiers are visible, that is a red flag.<\/li>\n<li style=\"font-weight: 400;\"><b>Push Vendors for Transparency<\/b>: Whether it\u2019s WordPress, Wix or another platform, demand faster disclosure cycles and robust changelogs.<\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"systemic-vulnerabilities-are-no-longer-rare\"><\/span><b>Systemic Vulnerabilities Are No Longer Rare<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If 2024 showed signs of rising plugin-related security threats, 2025 is confirming the trend.<\/p>\n<p>AI-based plugins, review systems and vibe-coding platforms all promise speed and scale, but without parallel advances in security they can unravel entire ecosystems with a single flaw.<\/p>\n<p>But let\u2019s also remember that a plugin that makes life easier can also open the door to something far worse.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical security flaw has been found in the popular AI Engine plugin for WordPress \u2014 currently active on more than 100,000 websites. This marks the fifth vulnerability reported in the plugin this year, and the fourth one just in July. What makes this worse? 
Even low-level users with subscriber access can upload malicious files [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3719","post","type-post","status-publish","format-standard","hentry","category-seo"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>AI Engine, WooCommerce, and Wix Hit by Critical Vulnerabilities<\/title>\n<meta name=\"description\" content=\"AI plugin security flaws hit WordPress &amp; Wix. Learn how vulnerabilities in AI Engine, WooCommerce &amp; Base44 expose 180K+ sites to attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AI Engine, WooCommerce, and Wix Hit by Critical Vulnerabilities\" \/>\n<meta property=\"og:description\" content=\"AI plugin security flaws hit WordPress &amp; Wix. 
Learn how vulnerabilities in AI Engine, WooCommerce &amp; Base44 expose 180K+ sites to attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/\" \/>\n<meta property=\"og:site_name\" content=\"Stan Ventures\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/StanVentures\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-01T03:40:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-05T09:23:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/AI-Engine-Plugin-Vulnerability.png\" \/>\n<meta name=\"author\" content=\"Dileep Thekkethil\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dthekkethil\" \/>\n<meta name=\"twitter:site\" content=\"@stanventures\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dileep Thekkethil\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/\"},\"author\":{\"name\":\"Dileep Thekkethil\",\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/#\\\/schema\\\/person\\\/87d00ff18daf9650e7c925ae4bf86efb\"},\"headline\":\"AI Engine, WooCommerce, and Wix Hit by Critical Vulnerabilities\",\"datePublished\":\"2025-08-01T03:40:52+00:00\",\"dateModified\":\"2025-11-05T09:23:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/\"},\"wordCount\":1149,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/AI-Engine-Plugin-Vulnerability.png\",\"articleSection\":[\"SEO\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/\",\"url\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/\",\"name\":\"AI Engine, WooCommerce, 
and Wix Hit by Critical Vulnerabilities\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/AI-Engine-Plugin-Vulnerability.png\",\"datePublished\":\"2025-08-01T03:40:52+00:00\",\"dateModified\":\"2025-11-05T09:23:55+00:00\",\"description\":\"AI plugin security flaws hit WordPress & Wix. Learn how vulnerabilities in AI Engine, WooCommerce & Base44 expose 180K+ sites to attacks.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/AI-Engine-Plugin-Vulnerability.png\",\"contentUrl\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/AI-Engine-Plugin-Vulnerability.png\",\"width\":612,\"height\":296,\"caption\":\"AI Engine Plugin 
Vulnerability\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AI Engine, WooCommerce, and Wix Hit by Critical Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/#website\",\"url\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/\",\"name\":\"Stan Ventures\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/#organization\",\"name\":\"Stan Ventures\",\"url\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/Stan-Ventures.webp\",\"contentUrl\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/Stan-Ventures.webp\",\"width\":2001,\"height\":801,\"caption\":\"Stan 
Ventures\"},\"image\":{\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/StanVentures\\\/\",\"https:\\\/\\\/x.com\\\/stanventures\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/#\\\/schema\\\/person\\\/87d00ff18daf9650e7c925ae4bf86efb\",\"name\":\"Dileep Thekkethil\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/911bd385b9da54d4a69f19f536a6419e576244371bd6e7d96f06c583dd402fa9?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/911bd385b9da54d4a69f19f536a6419e576244371bd6e7d96f06c583dd402fa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/911bd385b9da54d4a69f19f536a6419e576244371bd6e7d96f06c583dd402fa9?s=96&d=mm&r=g\",\"caption\":\"Dileep Thekkethil\"},\"description\":\"Dileep Thekkethil is the Director of Marketing at Stan Ventures, where he applies over 15 years of SEO and digital marketing expertise to drive growth and authority. A former journalist with six years of experience, he combines strategic storytelling with technical know-how to help brands navigate the shift toward AI-driven search and generative engines. Dileep is a strong advocate for Google\u2019s EEAT standards, regularly sharing real-world use cases and scenarios to demystify complex marketing trends. He is an avid gardener of tropical fruits, a motor enthusiast, and a dedicated caretaker of his pair of cockatiels.\",\"sameAs\":[\"https:\\\/\\\/stanventures.com\\\/news\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/dileep-pradeep-3705aa53\\\/\",\"https:\\\/\\\/x.com\\\/dthekkethil\"],\"url\":\"https:\\\/\\\/www.stanventures.com\\\/news\\\/author\\\/admin_7mxgn8tx\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"AI Engine, WooCommerce, and Wix Hit by Critical Vulnerabilities","description":"AI plugin security flaws hit WordPress & Wix. Learn how vulnerabilities in AI Engine, WooCommerce & Base44 expose 180K+ sites to attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/","og_locale":"en_US","og_type":"article","og_title":"AI Engine, WooCommerce, and Wix Hit by Critical Vulnerabilities","og_description":"AI plugin security flaws hit WordPress & Wix. Learn how vulnerabilities in AI Engine, WooCommerce & Base44 expose 180K+ sites to attacks.","og_url":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/","og_site_name":"Stan Ventures","article_publisher":"https:\/\/www.facebook.com\/StanVentures\/","article_published_time":"2025-08-01T03:40:52+00:00","article_modified_time":"2025-11-05T09:23:55+00:00","og_image":[{"url":"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/AI-Engine-Plugin-Vulnerability.png","type":"","width":"","height":""}],"author":"Dileep Thekkethil","twitter_card":"summary_large_image","twitter_creator":"@dthekkethil","twitter_site":"@stanventures","twitter_misc":{"Written by":"Dileep Thekkethil","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/#article","isPartOf":{"@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/"},"author":{"name":"Dileep Thekkethil","@id":"https:\/\/www.stanventures.com\/news\/#\/schema\/person\/87d00ff18daf9650e7c925ae4bf86efb"},"headline":"AI Engine, WooCommerce, and Wix Hit by Critical Vulnerabilities","datePublished":"2025-08-01T03:40:52+00:00","dateModified":"2025-11-05T09:23:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/"},"wordCount":1149,"commentCount":0,"publisher":{"@id":"https:\/\/www.stanventures.com\/news\/#organization"},"image":{"@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/AI-Engine-Plugin-Vulnerability.png","articleSection":["SEO"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/","url":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/","name":"AI Engine, WooCommerce, and Wix Hit by Critical 
Vulnerabilities","isPartOf":{"@id":"https:\/\/www.stanventures.com\/news\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/#primaryimage"},"image":{"@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/AI-Engine-Plugin-Vulnerability.png","datePublished":"2025-08-01T03:40:52+00:00","dateModified":"2025-11-05T09:23:55+00:00","description":"AI plugin security flaws hit WordPress & Wix. Learn how vulnerabilities in AI Engine, WooCommerce & Base44 expose 180K+ sites to attacks.","breadcrumb":{"@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/#primaryimage","url":"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/AI-Engine-Plugin-Vulnerability.png","contentUrl":"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2025\/07\/AI-Engine-Plugin-Vulnerability.png","width":612,"height":296,"caption":"AI Engine Plugin Vulnerability"},{"@type":"BreadcrumbList","@id":"https:\/\/www.stanventures.com\/news\/ai-engine-woocommerce-and-wix-hit-by-critical-vulnerabilities-3719\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.stanventures.com\/news\/"},{"@type":"ListItem","position":2,"name":"AI Engine, WooCommerce, and Wix Hit by Critical 
Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.stanventures.com\/news\/#website","url":"https:\/\/www.stanventures.com\/news\/","name":"Stan Ventures","description":"","publisher":{"@id":"https:\/\/www.stanventures.com\/news\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.stanventures.com\/news\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.stanventures.com\/news\/#organization","name":"Stan Ventures","url":"https:\/\/www.stanventures.com\/news\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stanventures.com\/news\/#\/schema\/logo\/image\/","url":"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2024\/06\/Stan-Ventures.webp","contentUrl":"https:\/\/www.stanventures.com\/news\/wp-content\/uploads\/2024\/06\/Stan-Ventures.webp","width":2001,"height":801,"caption":"Stan Ventures"},"image":{"@id":"https:\/\/www.stanventures.com\/news\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/StanVentures\/","https:\/\/x.com\/stanventures"]},{"@type":"Person","@id":"https:\/\/www.stanventures.com\/news\/#\/schema\/person\/87d00ff18daf9650e7c925ae4bf86efb","name":"Dileep Thekkethil","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/911bd385b9da54d4a69f19f536a6419e576244371bd6e7d96f06c583dd402fa9?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/911bd385b9da54d4a69f19f536a6419e576244371bd6e7d96f06c583dd402fa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/911bd385b9da54d4a69f19f536a6419e576244371bd6e7d96f06c583dd402fa9?s=96&d=mm&r=g","caption":"Dileep Thekkethil"},"description":"Dileep Thekkethil is the Director of Marketing at Stan Ventures, where he applies over 15 years of SEO and digital marketing expertise 
to drive growth and authority. A former journalist with six years of experience, he combines strategic storytelling with technical know-how to help brands navigate the shift toward AI-driven search and generative engines. Dileep is a strong advocate for Google\u2019s EEAT standards, regularly sharing real-world use cases and scenarios to demystify complex marketing trends. He is an avid gardener of tropical fruits, a motor enthusiast, and a dedicated caretaker of his pair of cockatiels.","sameAs":["https:\/\/stanventures.com\/news","https:\/\/www.linkedin.com\/in\/dileep-pradeep-3705aa53\/","https:\/\/x.com\/dthekkethil"],"url":"https:\/\/www.stanventures.com\/news\/author\/admin_7mxgn8tx\/"}]}},"_links":{"self":[{"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/posts\/3719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/comments?post=3719"}],"version-history":[{"count":3,"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/posts\/3719\/revisions"}],"predecessor-version":[{"id":3730,"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/posts\/3719\/revisions\/3730"}],"wp:attachment":[{"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/media?parent=3719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/categories?post=3719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stanventures.com\/news\/wp-json\/wp\/v2\/tags?post=3719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}