CVE-2025-13374

The Kalrav AI Agent plugin for WordPress

A critical vulnerability has been identified in the Kalrav AI Agent plugin for WordPress, which allows unauthenticated attackers to upload arbitrary files to the server.

Executive summary

A critical vulnerability has been identified in the Kalrav AI Agent plugin for WordPress, which allows unauthenticated attackers to upload arbitrary files to the server. This flaw could be exploited to execute malicious code, potentially leading to a complete compromise of the affected website, data theft, and further attacks originating from the compromised server. Due to the high severity and ease of exploitation, immediate action is required.

Vulnerability

The vulnerability exists within the kalrav_upload_file AJAX action, which is accessible to unauthenticated users. The function responsible for handling file uploads fails to properly validate the type of file being uploaded. An attacker can exploit this by crafting a request to this AJAX action to upload a malicious script (e.g., a PHP web shell) disguised as a legitimate file. Once uploaded, the attacker can access the script via its URL on the server to achieve remote code execution (RCE).

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a devastating business impact, leading to a full server compromise. Potential consequences include theft of sensitive customer data and intellectual property, website defacement, service disruption, and significant reputational damage. The compromised server could also be leveraged to attack other systems, host malware, or participate in botnets, creating further legal and financial liabilities for the organization.

Remediation

Immediate Action: Update the Kalrav AI Agent plugin for WordPress to the latest version provided by the vendor, which addresses this vulnerability. After patching, review server logs for any signs of exploitation that may have occurred before the update.

Proactive Monitoring: System administrators should actively monitor web server access logs for suspicious POST requests to /wp-admin/admin-ajax.php with the action parameter set to kalrav_upload_file. Monitor the WordPress uploads directory for any unexpected or suspicious files, particularly those with executable extensions like .php, .phtml, or .php5. Monitor for unusual outbound network traffic from the web server, which could indicate a successful compromise.
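As an added example (not part of the advisory), the following Python script applies the two log indicators above to constructed sample access-log lines: POST requests to admin-ajax.php carrying the kalrav_upload_file action, and requests for script files served from the uploads directory. It assumes the combined log format and can only see the action parameter when it appears in the query string, because standard access logs do not record POST bodies; WAF or request-body logs are needed to cover that case.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Nov/2025:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Nov/2025:10:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=kalrav_upload_file HTTP/1.1" 200 87 "-" "python-requests/2.31"
198.51.100.7 - - [12/Nov/2025:10:02:11 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 44 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Nov/2025:10:01:09 +0000] "GET /wp-content/uploads/2025/11/img.php HTTP/1.1" 200 13 "-" "python-requests/2.31"
192.0.2.5 - - [12/Nov/2025:10:03:00 +0000] "GET /wp-content/uploads/2025/11/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that the rules need: client IP, timestamp,
# method, request target and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_ACTION = "kalrav_upload_file"          # AJAX action named in the advisory
EXEC_EXT = (".php", ".phtml", ".php5")     # executable extensions named in the advisory


def detect(log_text):
    """Return (rule, ip, timestamp, target) tuples for each matching request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        path = url.path.lower()
        actions = parse_qs(url.query).get("action", [])
        # Rule 1: the vulnerable upload action invoked via admin-ajax.php.
        # Only visible here when the action is in the query string; a POST body
        # carrying the same action (line 3 of the sample) is not logged.
        if m["method"] == "POST" and path.endswith("/wp-admin/admin-ajax.php") and VULN_ACTION in actions:
            findings.append(("ajax_upload_action", m["ip"], m["ts"], m["target"]))
        # Rule 2: a script file requested from the uploads directory, which
        # should never be served if script execution is blocked there.
        if "/wp-content/uploads/" in path and path.endswith(EXEC_EXT):
            findings.append(("script_in_uploads", m["ip"], m["ts"], m["target"]))
    return findings


if __name__ == "__main__":
    for rule, ip, ts, target in detect(SAMPLE_LOG):
        print(f"{rule:<20} {ip:<14} {ts} {target}")
```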

Compensating Controls: If immediate patching is not feasible, consider the following controls:

  • Temporarily disable the Kalrav AI Agent plugin until it can be safely updated.
  • Deploy a Web Application Firewall (WAF) with rules specifically designed to block malicious file uploads and requests targeting the vulnerable AJAX action.
  • Harden the web server's upload directories so that uploaded scripts cannot be executed, combining strict file permissions with a web-server rule that refuses to execute scripts in those directories.

Exploitation status

Public exploit available: No

Analyst recommendation

Given the critical CVSS score of 9.8 and the potential for unauthenticated remote code execution, this vulnerability poses a severe and immediate risk to the organization. We strongly recommend that all instances of the Kalrav AI Agent plugin be updated to the latest patched version without delay. Do not wait for evidence of active exploitation, as the ease of exploiting this vulnerability means attacks can emerge rapidly. Organizations should treat this as a top-priority patching requirement.