AI Plugin Flaw Leads to Remote Attacks on 50,000 WordPress Sites

A serious vulnerability has been discovered in the AI Engine plugin for WordPress, particularly affecting its free version with over 50,000 active installations.

This plugin has gained widespread recognition for its diverse artificial intelligence-related features, allowing users to create chatbots, manage content, and leverage various AI tools such as translation and search engine optimization.

According to an announcement released today by Patchstack, the security flaw in question exists in the rest_upload function of the plugin’s files.php module and involves an unauthenticated arbitrary file upload vulnerability.

This vulnerability allows any unauthenticated user to upload arbitrary files, including potentially malicious PHP files, posing a risk of remote code execution on affected systems.

It’s noteworthy that the permission_callback parameter of the relevant REST API endpoints is set to __return_true, allowing any unauthenticated user to trigger vulnerable functions. The code lacks proper validation for file types and extensions, enabling the upload of any file, thereby constituting a significant security risk.

To mitigate this vulnerability, the plugin’s development team has introduced a patch in version 1.9.99. The patch adds permission checks to the custom REST API endpoints and uses the wp_check_filetype_and_ext function to validate the uploaded file’s type and extension together.
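The weak registration pattern the advisory describes, shown beside a hardened form built on the same WordPress functions the patch relies on, as an added illustration (hypothetical `example/v1` routes and handlers, not the AI Engine plugin's own code):

```php
// Illustrative WordPress REST upload handlers (hypothetical routes), not the plugin's code.

// WEAK: any visitor may call the endpoint, and the uploaded file's name and
// extension are never validated, so a .php file can land in a web-served path.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/upload-weak', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true', // no authentication at all
        'callback'            => function ( WP_REST_Request $request ) {
            $file = $request->get_file_params()['file'];
            $dest = wp_upload_dir()['path'] . '/' . $file['name']; // caller-chosen name
            move_uploaded_file( $file['tmp_name'], $dest );
            return rest_ensure_response( array( 'path' => $dest ) );
        },
    ) );
} );

// HARDENED: require a capability, then validate type and extension before
// handing the file to WordPress's own upload pipeline.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/upload', array(
        'methods'             => 'POST',
        'permission_callback' => function () {
            // Only users allowed to upload media may reach the callback.
            return current_user_can( 'upload_files' );
        },
        'callback'            => function ( WP_REST_Request $request ) {
            $files = $request->get_file_params();
            if ( empty( $files['file'] ) ) {
                return new WP_Error( 'no_file', 'No file uploaded', array( 'status' => 400 ) );
            }
            $file = $files['file'];
            // Checks the extension against the allowed list AND that it matches
            // the file's real MIME type; 'ext' and 'type' are false on mismatch.
            $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'] );
            if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
                return new WP_Error( 'bad_type', 'File type not allowed', array( 'status' => 415 ) );
            }
            // wp_handle_upload re-validates the type, sanitizes the name and
            // moves the file into the uploads directory.
            $result = wp_handle_upload( $file, array( 'test_form' => false ) );
            if ( isset( $result['error'] ) ) {
                return new WP_Error( 'upload_failed', $result['error'], array( 'status' => 500 ) );
            }
            return rest_ensure_response( array( 'url' => $result['url'] ) );
        },
    ) );
} );
```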

Given these findings, users are strongly advised to update their AI Engine plugin to at least version 1.9.99 to ensure protection against potential exploitation. The identifier CVE-2023-51409 has been assigned to track this issue.

Patchstack’s announcement emphasizes: “Always check each process of the $_FILES parameter in plugin or theme code. Before uploading a file, be sure to check the filename and extension. Additionally, pay special attention to permission checks on custom REST API endpoints.”