CVE-2025-7847

WordPress · WordPress Multiple Products

Executive summary

A high-severity vulnerability exists within the AI Engine plugin for WordPress, identified as CVE-2025-7847. This flaw allows an unauthenticated attacker to upload malicious files to a vulnerable website, which can lead to a full server compromise. Successful exploitation could result in website defacement, data theft, or the server being used for further malicious activities.

Vulnerability

The vulnerability is an Unrestricted File Upload flaw within the AI Engine plugin. The rest_simpleFileUpload() function, which handles file uploads via a REST API endpoint, fails to properly validate the type of file being uploaded. An unauthenticated attacker can craft a request to this function to upload a malicious executable file (e.g., a PHP web shell) disguised as a legitimate file. Once the malicious file is on the server, the attacker can navigate to its location to execute it, granting them remote code execution capabilities within the security context of the web server.

Business impact

Rated high severity with a CVSS score of 8.8. The business impact of this vulnerability is critical. An attacker who successfully exploits this flaw can gain complete control over the affected website and potentially the underlying server. This could lead to the theft of sensitive company and customer data, significant reputational damage from website defacement, financial loss due to business interruption, and regulatory fines if customer data is breached. The compromised server could also be leveraged to attack other systems within the organization's network or used as part of a botnet for external attacks, creating further liability.

Remediation

Immediate Action: Immediately update the AI Engine plugin to the latest version provided by the vendor, as it contains the necessary security patch to validate file types. After updating, review the WordPress installation for any signs of compromise. If the plugin is no longer required for business operations, it should be deactivated and removed as a security best practice.

Proactive Monitoring: Monitor web server access logs for POST requests to the WordPress REST API endpoint associated with the AI Engine plugin's file upload function. Scrutinize the wp-content/uploads directory for any suspicious or non-image files (e.g., files with extensions like .php, .phtml, .phar). Implement file integrity monitoring to alert on any unauthorized file creation or modification within the WordPress core and plugin directories.
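The two monitoring checks above, as an added example (not part of this advisory or the plugin's code): a small Python triage helper that flags POSTs to the plugin's upload route in access logs, flags direct requests to script files under wp-content/uploads, and classifies upload file names by the extensions the advisory lists. The REST route is an assumed placeholder derived from the rest_simpleFileUpload() function name; the log lines are constructed samples.

```python
import re
from pathlib import Path

# Script extensions the advisory calls out as suspicious in wp-content/uploads.
EXECUTABLE_EXTS = {".php", ".phtml", ".phar"}

# Assumed route marker: substitute the plugin's actual REST upload path.
UPLOAD_ROUTE_MARKER = "simpleFileUpload"

# Constructed sample access log (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2025:14:02:11 +0000] "POST /wp-json/PLUGIN_NAMESPACE/simpleFileUpload HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.7 - - [10/Aug/2025:14:02:40 +0000] "GET /wp-content/uploads/2025/08/upload.php HTTP/1.1" 200 91 "-" "curl/8.4.0"
192.0.2.9 - - [10/Aug/2025:14:03:01 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_suspicious_name(filename):
    """True if any extension in the name is a script extension.
    Checks every suffix so 'image.php.jpg' is caught as well as 'shell.php'."""
    return any(s.lower() in EXECUTABLE_EXTS for s in Path(filename).suffixes)


def suspicious_requests(log_text, route_marker=UPLOAD_ROUTE_MARKER):
    """Return (ip, reason, path) for POSTs to the upload route and for
    requests to script files below wp-content/uploads."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if m.group("method") == "POST" and route_marker in path:
            hits.append((m.group("ip"), "upload-endpoint", path))
        elif path.startswith("/wp-content/uploads/") and is_suspicious_name(path):
            hits.append((m.group("ip"), "script-in-uploads", path))
    return hits


def scan_uploads(uploads_dir):
    """Walk a local uploads directory and return files with script extensions."""
    return [p for p in Path(uploads_dir).rglob("*") if p.is_file() and is_suspicious_name(p.name)]


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Pair the output with file integrity monitoring; a hit on the upload route followed by a new file in uploads is the sequence worth investigating.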

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to block the upload of executable file types. Additionally, harden the web server configuration to prevent the execution of scripts (like PHP) from within the wp-content/uploads directory. This can be achieved via server configuration files like .htaccess for Apache or nginx.conf for NGINX.

Exploitation status

Public Exploit Available: true

Analyst recommendation

Given the critical severity (CVSS 8.8), the availability of a public exploit, and the risk of complete server compromise, immediate remediation is strongly recommended. Organizations must prioritize updating the affected AI Engine plugin to the latest patched version without delay. Due to the high likelihood of active exploitation, all systems running a vulnerable version should be considered potentially compromised and should be thoroughly investigated for malicious files or activity, even after patching.