CVE-2026-1400
AI · AI Engine – The Chatbot and AI Framework for WordPress plugin
A high-severity vulnerability has been identified in the "AI Engine" WordPress plugin, affecting all versions up to and including version 3.
Executive summary
A high-severity vulnerability has been identified in the "AI Engine" WordPress plugin, affecting all versions up to and including version 3. This flaw allows an unauthenticated attacker to upload arbitrary files, including malicious scripts, to the web server. Successful exploitation could result in a complete compromise of the affected website, leading to data theft, website defacement, or further attacks on the hosting infrastructure.
Vulnerability
The vulnerability exists due to a lack of proper file type validation within the rest_helpers_update_media_metadata function of the plugin. An attacker can exploit this by sending a crafted request to the corresponding REST API endpoint, bypassing security checks designed to only allow specific media file types. This allows the attacker to upload a malicious file, such as a PHP web shell, which can then be executed on the server, granting them remote code execution capabilities.
Business impact
High severity with a CVSS score of 7.2. The ability for an attacker to achieve remote code execution through an arbitrary file upload presents a significant risk to the organization. Successful exploitation could lead to a complete server compromise, resulting in a data breach of sensitive customer or company information, financial loss, and severe reputational damage. The compromised website could also be used to host malware or launch attacks against other systems, creating further liability and operational disruption.
Remediation
Immediate Action: Immediately update the "AI Engine – The Chatbot and AI Framework for WordPress" plugin to the latest patched version (greater than version 3). After updating, review the WordPress media library and server file system for any suspicious or unrecognized files that may have been uploaded prior to patching. If the plugin is no longer required for business operations, it should be deactivated and removed as a security best practice.
Proactive Monitoring: Monitor web server access logs for unusual POST requests to the WordPress REST API, particularly those targeting endpoints related to the AI Engine plugin. Implement file integrity monitoring on the web server to detect the creation of new, unexpected files (especially with extensions like .php, .phtml) in upload directories. Monitor for outbound network connections from the web server to unknown destinations, which could indicate a successful compromise.
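As an added illustration of the monitoring described above (not code from the advisory or from the plugin), the following script flags two things in web server access logs: POST requests to the plugin's REST namespace, and any request for a PHP-style file under wp-content/uploads, which is what a dropped web shell being invoked looks like. It also filters a file listing of the uploads tree for executable extensions. The REST prefix /wp-json/mwai/ and the sample route and log lines are assumptions or constructed data; take the real route from the plugin's registered REST endpoints on your site.

```python
import re
from pathlib import Path
from typing import Iterable

# Parser for the "combined" access-log format used by Apache and nginx.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# ASSUMPTION: the plugin's REST routes live under this prefix; the advisory
# names the vulnerable function but not its route, so verify on your install.
WATCHED_REST_PREFIX = "/wp-json/mwai/"
UPLOADS_PREFIX = "/wp-content/uploads/"
# Extensions that have no business under wp-content/uploads (extend as needed).
EXEC_EXTENSIONS = (".php", ".phtml")


def suspicious_requests(lines: Iterable[str]) -> list[dict]:
    """Return log entries worth a look: POSTs into the plugin's REST namespace
    (reason 'rest_post') and requests for executable files in the uploads
    tree (reason 'exec_in_uploads'). Unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        rec = m.groupdict()
        path = rec["path"].split("?", 1)[0].lower()  # drop query string
        if rec["method"] == "POST" and path.startswith(WATCHED_REST_PREFIX):
            rec["reason"] = "rest_post"
            hits.append(rec)
        elif path.startswith(UPLOADS_PREFIX) and path.endswith(EXEC_EXTENSIONS):
            rec["reason"] = "exec_in_uploads"
            hits.append(rec)
    return hits


def executable_paths(paths: Iterable[str]) -> list[str]:
    """Filter a listing of the uploads directory down to executable extensions."""
    return sorted(p for p in paths if p.lower().endswith(EXEC_EXTENSIONS))


def scan_uploads(uploads_root: str) -> list[str]:
    """Walk a real wp-content/uploads tree (e.g. from cron or FIM tooling)."""
    root = Path(uploads_root)
    return executable_paths(str(p) for p in root.rglob("*") if p.is_file())


# Constructed sample lines, not real traffic; the REST route is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2026:12:00:01 +0000] "POST /wp-json/mwai/v1/example-route HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2026:12:00:03 +0000] "GET /wp-content/uploads/2026/03/shell.php?x=1 HTTP/1.1" 200 40',
    '198.51.100.7 - - [10/Mar/2026:12:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9000',
    '198.51.100.7 - - [10/Mar/2026:12:01:05 +0000] "GET /wp-content/uploads/2026/03/photo.jpg HTTP/1.1" 200 70000',
]
```

Run `suspicious_requests(open("/var/log/apache2/access.log"))` and `scan_uploads("/var/www/html/wp-content/uploads")` on a live host; any hit in the second list is a finding until proven otherwise, since WordPress itself never stores PHP under uploads.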
Compensating Controls: If patching cannot be immediately applied, implement a Web Application Firewall (WAF) with rules specifically designed to inspect file uploads and block requests containing suspicious file types or names. Harden web server permissions to prevent files in the upload directory from being executed. Regularly scan the website with a vulnerability scanner that can detect indicators of compromise.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity (CVSS 7.2) of this vulnerability and the potential for complete system compromise, immediate action is required. Organizations must prioritize applying the vendor-supplied patch to all affected WordPress instances. Although this CVE is not currently on the CISA KEV list, the risk of remote code execution warrants treating this with the highest urgency. After patching, a thorough review should be conducted to ensure no prior compromise has occurred.