A high-severity vulnerability has been identified in the S2B AI Assistant WordPress plugin, which could allow an unauthenticated attacker to upload malicious files to a website. Successful exploitation could result in a complete compromise of the affected website, leading to data theft, website defacement, or the server being used for further malicious activities. Organizations using this plugin are urged to take immediate action to mitigate this risk.

The vulnerability is an arbitrary file upload weakness within the storeFile() function of the plugin. The function fails to properly validate the type of file being uploaded, allowing an attacker to bypass intended restrictions (e.g., allowing only images). By uploading a malicious script (such as a PHP web shell) and accessing its location on the server, an attacker can achieve remote code execution, granting them control over the web server.

This vulnerability is rated as High severity with a CVSS score of 7.2. A successful exploit could have significant business consequences, including unauthorized access to sensitive company or customer data, leading to a data breach. An attacker could deface the corporate website, causing reputational damage, or use the compromised server as a platform to attack other systems, creating further liability. The potential for data loss, service disruption, and financial harm is substantial.

Immediate Action: Immediately update the "S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator" plugin to the latest patched version provided by the vendor. If the plugin is not essential for business operations, consider deactivating and removing it entirely as a precautionary measure.

Proactive Monitoring: Monitor web server access logs for unusual POST requests to the plugin's file upload endpoints. Implement File Integrity Monitoring (FIM) to detect the creation of unexpected files (e.g., .php, .phtml, .sh) in the WordPress uploads directory. Review network traffic for connections to suspicious IP addresses originating from the web server, which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to block the upload of executable file types. At the web server level, configure rules to deny the execution of scripts within the uploads directory. Regularly scan the web server for malicious files and back up the website to enable quick restoration if a compromise occurs.

Public Exploit Available: false

Due to the high severity of this vulnerability (CVSS 7.2) and the critical risk of remote code execution, it is strongly recommended that organizations take immediate action. The primary course of action is to apply the vendor-supplied patch without delay. If the affected plugin is not critical, the most secure option is to disable and uninstall it to eliminate the attack surface entirely. Although this CVE is not currently listed on the CISA KEV catalog, its potential for complete system compromise warrants urgent attention.