CVE-2025-12844

WordPress · WordPress AI Engine Plugin

A high-severity vulnerability has been identified in the AI Engine plugin for WordPress.

Executive summary

The flaw is a PHP Object Injection issue reachable through PHAR deserialization. An attacker who can upload a file to the site (for example, a crafted image that is also a valid PHAR archive) and cause the plugin to open it through the phar:// stream wrapper can make PHP deserialize attacker-supplied objects. If the site's code base contains a usable gadget chain, that becomes code execution under the web server account and, in practice, complete compromise of the affected site: data theft, defacement, or use of the server as a foothold for further attacks.

Vulnerability

The vulnerability is a PHP Object Injection flaw triggered through PHAR deserialization. The attacker uploads a file that is a valid PHAR archive dressed as something the site accepts, typically an image: the archive's stub may begin with the image's magic bytes, because PHP locates a PHAR by scanning the file for the __HALT_COMPILER(); token rather than by extension or MIME type. The archive manifest carries metadata that PHP stores in serialized form, and that metadata holds the attacker's object. When the plugin passes an attacker-influenced path beginning with phar:// to a file system function (file_exists(), is_file(), file_get_contents(), fopen() and similar), PHP opens the file as a PHAR and, on PHP versions before 8.0, unserializes the metadata automatically; PHP 8.0 and later keep the metadata serialized until Phar::getMetadata() is called, so on those versions the application itself has to request it for the same effect. Deserialization instantiates the object and invokes magic methods such as __wakeup() and __destruct(); it turns into code execution when some class loaded by WordPress, its theme or its plugins (a gadget chain) does something dangerous in one of those methods. Execution happens in the security context of the PHP process serving the site, i.e. the web server user, which can read wp-config.php and therefore the database credentials.
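To make the mechanism concrete, here is an added example (not code from the AI Engine plugin or its vendor) that builds a JPEG/PHAR polyglot, passes it through a deliberately vulnerable sink and through a hardened one, and reports whether PHP deserialized the archive metadata. The Canary class stands in for a gadget class and only records that its __wakeup() ran; build_polyglot_phar(), vulnerable_exists() and hardened_exists() are hypothetical names chosen for this example. It needs php -d phar.readonly=0 only because it writes the test archive.

```php
<?php
// Added example, not AI Engine plugin code. Run as:
//   php -d phar.readonly=0 phar_demo.php
declare(strict_types=1);

if ((int) ini_get('phar.readonly') !== 0) {
    fwrite(STDERR, "re-run with -d phar.readonly=0 (needed only to write the test archive)\n");
    exit(1);
}

// Stand-in for a gadget class. A real attack reuses a class already loaded by
// WordPress, a theme or a plugin whose __wakeup()/__destruct()/__toString() does
// something useful to the attacker; this one only records that PHP invoked it.
final class Canary {
    public static $woke = false;
    public function __wakeup() { self::$woke = true; }
}

/** Build a JPEG/PHAR polyglot and return its path (stored with an image extension). */
function build_polyglot_phar(string $dir): string {
    $pharPath = $dir . '/evil.phar';   // the Phar class insists on a .phar name when writing
    $jpgPath  = $dir . '/avatar.jpg';  // the name an upload form would store
    @unlink($pharPath);
    @unlink($jpgPath);
    $phar = new Phar($pharPath);
    $phar->startBuffering();
    // Bytes before the stub are arbitrary: PHP finds the archive by scanning for
    // __HALT_COMPILER();, so a JPEG SOI/APP0 prefix keeps naive image checks happy.
    $phar->setStub("\xFF\xD8\xFF\xE0" . '<?php __HALT_COMPILER(); ?>');
    $phar->addFromString('test.txt', 'x');
    $phar->setMetadata(new Canary());  // serialize()d into the archive manifest
    $phar->stopBuffering();
    unset($phar);
    rename($pharPath, $jpgPath);       // the phar:// wrapper ignores the extension
    return $jpgPath;
}

/** Vulnerable sink: a file-system call on a path the attacker can prefix with phar://. */
function vulnerable_exists(string $userPath): bool {
    return file_exists($userPath);
}

/** Hardened sink: refuse stream wrappers, then confine the real path to the uploads dir. */
function hardened_exists(string $userPath, string $uploadsDir): bool {
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $userPath)) {
        return false;                  // phar://, php://, data://, ...
    }
    $real = realpath($userPath);       // also returns false for wrapper paths
    $base = realpath($uploadsDir);
    if ($real === false || $base === false) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;   // separator blocks /uploads-evil siblings
    return strncmp($real, $prefix, strlen($prefix)) === 0;
}

// ---- self-test ------------------------------------------------------------
$dir = sys_get_temp_dir() . '/phar_demo';
@mkdir($dir);
$jpg  = build_polyglot_phar($dir);
$evil = 'phar://' . $jpg . '/test.txt';    // what an attacker would feed the plugin

Canary::$woke = false;
vulnerable_exists($evil);
printf("vulnerable sink on PHP %s: metadata %s\n",
    PHP_VERSION, Canary::$woke ? 'DESERIALIZED' : 'not deserialized');

Canary::$woke = false;
var_dump(hardened_exists($evil, $dir));   // wrapper rejected before any file I/O
var_dump(hardened_exists($jpg,  $dir));   // plain path inside uploads is allowed
printf("hardened sink: metadata %s\n", Canary::$woke ? 'DESERIALIZED' : 'not deserialized');
```

On PHP before 8.0 the vulnerable sink reports the metadata as deserialized the moment file_exists() touches the phar:// path; on PHP 8.0 and later it does not, because the metadata is left serialized until Phar::getMetadata() is called. The hardened sink never reaches the PHAR parser: the wrapper regex fails closed before any I/O, and realpath() confinement stops traversal to files outside the uploads directory. Note that the polyglot is inert on disk; the danger is entirely in which path string reaches the file-system call.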

Business impact

This vulnerability is rated High severity with a CVSS score of 7.1. Code execution as the web server user exposes the database credentials in wp-config.php and with them full administrative control of the WordPress site, leading to theft of sensitive data such as customer information and user credentials, financial loss, and reputational damage. The compromised website can also be used to host malware or to attack other systems, adding liability and cleanup costs.

Remediation

Immediate Action:

  • Update the AI Engine WordPress plugin to the latest patched version provided by the vendor as soon as possible.
  • If the plugin is not essential for business operations, deactivate and remove it to eliminate the attack surface (a deactivated plugin's files remain on disk and can still be requested directly, so removal is the safer choice).
  • Review who may upload files (the upload_files capability, held by Author and higher roles by default) and which types are allowed (the upload_mimes filter; make sure ALLOW_UNFILTERED_UPLOADS is not enabled). Extension and MIME checks alone do not stop this attack, because a PHAR polyglot can carry a valid image header.

Proactive Monitoring:

  • Search web server access logs for the string phar:// in request URIs, including URL-encoded (phar%3A%2F%2F) and mixed-case forms. Access logs normally record only the request line, so a wrapper sent in a POST body is visible only where bodies are logged, for example by a WAF or in application logs.
  • Implement file integrity monitoring to detect unauthorized changes to plugin files or new files in the uploads directory, and scan uploaded files by content: a PHAR polyglot keeps its image extension and a valid image header, so look for the __HALT_COMPILER token inside files rather than trusting extensions.
  • Analyze network traffic for unusual outbound connections from the web server, which could indicate a successful compromise.

Compensating Controls:

  • Deploy a Web Application Firewall (WAF) with rules that block requests carrying the phar:// wrapper (including encoded variants) and known PHP object injection payloads. A WAF cannot see inside a file that has already been uploaded, so treat it as a stopgap rather than a fix.
  • Restrict uploads to the file types the site needs and scan every upload with a malware scanner that inspects content rather than extension: a PHAR polyglot passes extension and MIME checks because it starts with a valid image header.
  • At the PHP level, the control that actually removes the trigger is unregistering the phar stream wrapper at runtime (stream_wrapper_unregister('phar'), for example from a must-use plugin; there is no php.ini switch for it), after confirming nothing on the site relies on phar:// paths. Disabling functions such as exec() and system() through disable_functions in php.ini does not prevent deserialization; it only limits what a gadget chain can do afterwards.
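The monitoring and compensating-control items above can be combined in one small must-use plugin. The following is an added example (not code from the AI Engine plugin or its vendor): inside WordPress it unregisters the phar wrapper and rejects any upload that contains a PHAR stub; from the command line it scans an existing uploads directory or an access log. The wp_handle_upload_prefilter hook and the $file array it passes are real WordPress APIs; every pg_* function name is hypothetical, and the sample log lines are constructed for the demonstration.

```php
<?php
/**
 * Plugin Name: PHAR upload guard
 * Description: Added example (not AI Engine code). Compensating control plus scanner
 *              for the PHAR polyglot upload path described in this advisory.
 *
 * As a mu-plugin (wp-content/mu-plugins/phar-guard.php) it unregisters the phar://
 * wrapper and rejects uploads carrying a PHAR stub. From the CLI it scans files:
 *   php phar-guard.php scan /var/www/html/wp-content/uploads
 *   php phar-guard.php log  /var/log/apache2/access.log
 * With no arguments it runs the log matcher over constructed sample lines.
 */

/** True when the file carries a PHAR stub, regardless of its extension or MIME type. */
function pg_is_phar_polyglot(string $path): bool {
    $data = @file_get_contents($path);
    if ($data === false) {
        return false;
    }
    // The phar parser locates this token by scanning the file, so a valid JPEG
    // header in front of it does not stop phar:// from treating the file as an archive.
    return stripos($data, '__HALT_COMPILER') !== false;
}

/** wp_handle_upload_prefilter callback: setting $file['error'] makes WordPress abort. */
function pg_reject_phar_upload(array $file): array {
    if (!empty($file['tmp_name']) && pg_is_phar_polyglot($file['tmp_name'])) {
        $file['error'] = 'Upload rejected: the file contains a PHAR archive stub.';
    }
    return $file;
}

/** Walk a directory tree and return the paths of files that contain a PHAR stub. */
function pg_scan_dir(string $root): array {
    $hits = [];
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iter as $entry) {
        if ($entry->isFile() && pg_is_phar_polyglot($entry->getPathname())) {
            $hits[] = $entry->getPathname();
        }
    }
    return $hits;
}

/** True when a log line references the phar wrapper, even URL-encoded or mixed-case. */
function pg_line_has_phar(string $line): bool {
    // Decode twice to peel double encoding (phar%253A%252F%252F), then normalise case.
    $norm = strtolower(rawurldecode(rawurldecode($line)));
    return strpos($norm, 'phar://') !== false;
}

if (function_exists('add_filter')) {
    // Running inside WordPress: remove the trigger entirely, then filter uploads.
    // Test on staging first; anything that legitimately reads phar:// paths will break.
    if (in_array('phar', stream_get_wrappers(), true)) {
        stream_wrapper_unregister('phar');
    }
    add_filter('wp_handle_upload_prefilter', 'pg_reject_phar_upload');
} elseif (PHP_SAPI === 'cli') {
    $mode = $argv[1] ?? '';
    $arg  = $argv[2] ?? '';
    if ($mode === 'scan' && is_dir($arg)) {
        foreach (pg_scan_dir($arg) as $hit) {
            echo "PHAR stub found: $hit\n";
        }
    } elseif ($mode === 'log' && is_file($arg)) {
        foreach (file($arg, FILE_IGNORE_NEW_LINES) as $n => $line) {
            if (pg_line_has_phar($line)) {
                echo 'line ' . ($n + 1) . ": $line\n";
            }
        }
    } else {
        // Constructed sample lines: two carry the wrapper (plain and URL-encoded), one is benign.
        $samples = [
            '10.0.0.5 - - [01/Jan/2025:00:00:00 +0000] "GET /?f=phar://../uploads/a.jpg HTTP/1.1" 200 -',
            '10.0.0.5 - - [01/Jan/2025:00:00:01 +0000] "GET /?f=PHAR%3A%2F%2Fuploads%2Fa.jpg HTTP/1.1" 200 -',
            '10.0.0.6 - - [01/Jan/2025:00:00:02 +0000] "GET /wp-content/uploads/a.jpg HTTP/1.1" 200 -',
        ];
        foreach ($samples as $line) {
            printf("%s  %s\n", pg_line_has_phar($line) ? 'HIT' : 'ok ', $line);
        }
    }
}
```

The upload filter inspects the temporary file before WordPress moves it into the uploads directory, so it catches polyglots that pass the extension and MIME checks. Unregistering the wrapper is the stronger control because it removes the PHAR parser from every file-system call the plugin might make, but it is a site-wide change and should be verified on staging. The scanner reads whole files, which is acceptable for an uploads tree bounded by upload_max_filesize; run it once after patching to find anything uploaded before the fix.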

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the High severity (CVSS 7.1) and the potential for complete website compromise, immediate action is required. We strongly recommend that all organizations running the affected AI Engine plugin apply the vendor-supplied security update without delay. Although this vulnerability is not currently on the CISA KEV list and no public exploit is known, PHAR deserialization is a well-documented technique and the risk of data breach and system compromise is significant, so remediation should be treated as a high priority.