CVE-2025-13597
The AI Feeds plugin for WordPress
A critical vulnerability has been identified in the AI Feeds plugin for WordPress, which allows unauthenticated attackers to upload arbitrary files and potentially execute code on the server.
Executive summary
A critical vulnerability has been identified in the AI Feeds plugin for WordPress, which allows unauthenticated attackers to upload arbitrary files and potentially execute code on the server. Successful exploitation could lead to a complete compromise of the affected website, resulting in data theft, website defacement, or further attacks originating from the compromised server. Immediate patching is required to mitigate this high-risk threat.
Vulnerability
The vulnerability exists within the actualizador_git.php file of the plugin. This file lacks a proper capability check, a security function that should verify if a user has the necessary permissions to perform an action. Because this check is missing, an unauthenticated attacker can directly access this file and trigger its functionality, which is designed to download and install a plugin update from a GitHub repository. An attacker can supply a URL to their own malicious GitHub repository, causing the server to download it and overwrite the existing plugin files with malicious code, such as a web shell, leading to remote code execution (RCE).
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit grants an attacker complete control over the web server, posing a severe risk to the organization. Potential consequences include the theft of sensitive data such as customer information, intellectual property, or payment details; disruption of business operations through website defacement or denial of service; and significant reputational damage. The compromised server could also be used to launch further attacks against other systems, creating additional legal and financial liabilities.
Remediation
Immediate Action: Update the AI Feeds plugin for WordPress to the latest version released by the vendor, which addresses this vulnerability. After patching, review web server access logs for any suspicious POST requests to the /wp-content/plugins/ai-feeds/actualizador_git.php file and inspect plugin files for any unauthorized modifications.
Proactive Monitoring: Implement continuous monitoring of web server logs, specifically looking for direct access attempts to actualizador_git.php. Monitor for unusual outbound network traffic from the web server, especially to domains like github.com. Utilize a file integrity monitoring (FIM) system to alert on any unexpected changes to core WordPress files and plugin directories.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) rule to block all external access to the actualizador_git.php file. Additionally, consider restricting the web server's ability to make outbound connections to the internet, which would prevent it from downloading the malicious repository.
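The log review and monitoring steps above can be turned into a small hunting script. The following is an added example, not code from the advisory or from the plugin's vendor: it parses Combined Log Format access-log lines, flags every request to the actualizador_git.php path named in the advisory, raises the severity when the server answered with a 2xx status (the update routine may actually have run) and notes when the query string references github.com. The sample log lines are constructed for this example; the `repo` parameter name in one of them is a placeholder, since the advisory does not state how the repository URL is passed, so the github.com check scans the whole query string rather than a specific parameter.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Apache/nginx Combined Log Format (the default access log layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Path taken from the advisory; any direct request to it is worth review,
# because legitimate traffic never needs to call this file directly.
SENSITIVE_PATH = "/wp-content/plugins/ai-feeds/actualizador_git.php"

# Constructed sample log lines (RFC 5737 documentation addresses).
# The "repo" query parameter is a placeholder, not the plugin's real name.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2025:03:14:07 +0000] "GET /index.php HTTP/1.1" 200 5123
198.51.100.7 - - [10/Jan/2025:03:14:09 +0000] "POST /wp-content/plugins/ai-feeds/actualizador_git.php HTTP/1.1" 200 312
203.0.113.9 - - [10/Jan/2025:04:01:00 +0000] "GET /wp-content/plugins/ai-feeds/actualizador_git.php?repo=https://github.com/example/placeholder HTTP/1.1" 403 199
192.0.2.44 - - [10/Jan/2025:05:22:41 +0000] "GET /wp-admin/ HTTP/1.1" 302 0
"""


@dataclass
class Finding:
    ip: str
    ts: str
    method: str
    status: str
    severity: str
    reason: str


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def assess(rec):
    """Return a Finding for requests to the updater file, else None."""
    parts = urlsplit(rec["target"])
    if parts.path != SENSITIVE_PATH:
        return None
    reasons = []
    if rec["method"] == "POST":
        reasons.append("POST to updater endpoint (the indicator named in the advisory)")
    if "github.com" in parts.query.lower():
        reasons.append("query string references github.com (possible attacker-supplied repository URL)")
    if rec["status"].startswith("2"):
        # A success response means the missing capability check let the
        # request through; treat the host as possibly compromised.
        severity = "high"
        reasons.append("server returned success; update routine may have run, check plugin files")
    else:
        # Blocked or failed (e.g. a WAF 403): still a probe worth recording.
        severity = "medium"
        reasons.append(f"request rejected with HTTP {rec['status']}; probe only, confirm WAF coverage")
    return Finding(rec["ip"], rec["ts"], rec["method"], rec["status"], severity, "; ".join(reasons))


def hunt(lines):
    """Run the check over an iterable of access-log lines and collect findings."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        finding = assess(rec)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG.strip().splitlines()):
        print(f"[{f.severity.upper()}] {f.ts} {f.ip} {f.method} -> {f.status}: {f.reason}")
```

Point `hunt()` at the real access log (for example `hunt(open("/var/log/apache2/access.log"))`) to review the period before the patch was applied. Any high-severity hit should be followed by the file-integrity check the advisory recommends, because the log alone cannot show whether the downloaded repository replaced plugin files.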
Exploitation status
Public Exploit Available: true
Analyst recommendation
Given the critical CVSS score of 9.8 and the availability of a public exploit, immediate action is required. We strongly recommend that all instances of the AI Feeds WordPress plugin be updated to a patched version without delay. The risk of unauthenticated remote code execution presents a direct threat of full system compromise. Organizations should prioritize this patch above all others and subsequently hunt for any indicators of compromise on vulnerable systems.