Significant Security Flaw Discovered in AI Engine Plugin for WordPress
A recently unveiled security vulnerability in the AI Engine plugin for WordPress has raised alarms among site administrators. Affected versions, specifically 2.9.3 and 2.9.4, have a flaw that leaves over 100,000 websites at risk. This security issue, categorized as an arbitrary file upload vulnerability, permits authenticated users, even those with minimal access like subscriber-level accounts, to upload harmful files. The potential consequences of this could include remote code execution (RCE) and complete site takeover.
Understanding the Vulnerability: CVE-2025-7847
The vulnerability, identified as CVE-2025-7847, was disclosed to Wordfence on July 18, 2025. This report came from a security researcher known as ISMAILSHADOW, who reported the issue through the Wordfence Bug Bounty Program. Notably, this vulnerability was introduced a day before it was reported, on July 17, leading to a significant bounty of $1,170 for the discoverer.
Technical Breakdown of the Flaw
The root of this vulnerability lies within the rest_simpleFileUpload() function of the AI Engine plugin. This function failed to implement robust file type validation. When the "Public API" feature is enabled—although it’s off by default—any authenticated user can access the plugin’s REST API endpoint at /mwai/v1/simpleFileUpload. The lack of Bearer Token authentication allows any user to upload files without restrictions, potentially including malicious PHP scripts.
The issue escalates in the upload_file() function within the Meow_MWAI_Modules_Files class. Instead of validating the file’s MIME type or extension, the function indiscriminately uses PHP’s native copy() function for uploaded files. Consequently, attackers can bypass file restrictions and execute their scripts on the server, which is a critical threat stemming from such vulnerabilities.
Conditions for Successful Exploitation
Notably, this vulnerability does not impact all AI Engine users; specific conditions must be met for exploitation:
- The "Public API" feature must be enabled in the plugin’s settings.
- There should be no Bearer Token or custom authentication method in place.
- The user attempting exploitation needs to be authenticated, with even a subscriber-level role being sufficient.
When these criteria align, the REST endpoint becomes an open door for low-level users to execute harmful code directly on the server.
Addressing the Issue: Patches and Updates
In response to this threatening vulnerability, plugin developer Jordy Meow quickly acted. On July 22, 2025, version 2.9.5 was released, incorporating essential fixes to address the security risk. The updates introduced rigorous validation protocols using WordPress’s built-in wp_check_filetype() function in both the simpleFileUpload() and upload_file() methods. This enhancement ensures that only approved file types are accepted, effectively closing the security loophole.
Timeline of Events
- July 18, 2025: Vulnerability reported to Wordfence.
- July 18, 2025: Disclosure validated and communicated to the developer through the Wordfence Vulnerability Management Portal.
- July 21, 2025: A firewall rule was activated for Wordfence Premium, Care, and Response users.
- July 22, 2025: Updated version 2.9.5 of AI Engine released.
- August 20, 2025: Plans for protection to be extended to Wordfence Free users.
Wordfence’s prompt actions played a crucial role in mitigating the risk of exploitation. However, due to the critical nature of CVE-2025-7847, all users of the AI Engine plugin are urged to upgrade to version 2.9.5 or above without delay, especially if their site employs the Public API feature.
Importance of Security Measures
The emergence of the CVE-2025-7847 vulnerability serves as a critical reminder about the necessity of proper input validation and access controls, particularly for plugins with public API capabilities. Even minor oversights can lead to severe security threats, including remote code execution. Given the widespread utilization of AI Engine, it’s vital for users to secure their REST API endpoints, ensuring robust authentication is in place to protect their sites from potential attacks.
