Quickcreator AI Blog Writer WordPress Plugin Sensitive Information Exposure Vulnerability
Vulnerability
A sensitive information exposure vulnerability has been identified in the Quickcreator – AI Blog Writer plugin for WordPress, affecting versions from 0.0.9 up to, but not including, 0.1.17. The issue arises from a plaintext file, dupasrala.txt, left in the plugin's directory, which unintentionally reveals the plugin's API key. Unauthenticated attackers can read the API key from this file and use it to perform actions on the site, such as creating new posts and injecting cross-site scripting (XSS) payloads.
Impact
Exploitation of this vulnerability allows for unauthorized access to the plugin's API key, which can be used to create new posts on the WordPress site and inject XSS payloads.
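A site owner can check a local install for both conditions described above. The following is an added example, not code from the plugin or its vendor: it reads the plugin header version and looks for dupasrala.txt inside a plugin directory. The plugin directory path is supplied by the caller, and the temporary plugin tree in demo() is constructed for illustration.

```python
import os
import re
import tempfile

LEAKED_FILE = "dupasrala.txt"                        # file name from the advisory
FIRST_AFFECTED, FIRST_FIXED = (0, 0, 9), (0, 1, 17)  # version range from the advisory

def parse_version(text):
    return tuple(int(part) for part in text.strip().split("."))

def plugin_version(plugin_dir):
    """Return the version from the WordPress plugin header, or None."""
    for name in sorted(os.listdir(plugin_dir)):
        if not name.endswith(".php"):
            continue
        path = os.path.join(plugin_dir, name)
        with open(path, encoding="utf-8", errors="replace") as fh:
            head = fh.read(8192)  # WordPress only parses the first 8 KB for headers
        m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", head, re.M | re.I)
        if m:
            return parse_version(m.group(1))
    return None

def audit(plugin_dir):
    """Report the installed version, whether it is in range, and any leaked file."""
    version = plugin_version(plugin_dir)
    leaked = [os.path.join(root, f)
              for root, _, files in os.walk(plugin_dir)
              for f in files if f.lower() == LEAKED_FILE]
    in_range = version is not None and FIRST_AFFECTED <= version < FIRST_FIXED
    return {"version": version, "in_affected_range": in_range, "leaked_files": leaked}

def demo():
    """Constructed sample: a fake plugin tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "plugin.php"), "w") as fh:
            fh.write("<?php\n/**\n * Plugin Name: Sample\n * Version: 0.1.0\n */\n")
        with open(os.path.join(tmp, LEAKED_FILE), "w") as fh:
            fh.write("constructed-placeholder\n")
        result = audit(tmp)
        result["leaked_files"] = [os.path.relpath(p, tmp) for p in result["leaked_files"]]
        return result

if __name__ == "__main__":
    print(demo())
```

Call audit() with the plugin's directory under wp-content/plugins; a non-empty leaked_files list means the file is still on disk regardless of the version the header reports.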
