A critical vulnerability has been discovered in the AI Engine plugin for WordPress, affecting its free version with over 50,000 active installations. The plugin, known for its diverse AI-related functionalities, such as chatbot creation, content management, and various AI tools like translation and SEO, is at risk due to an unauthenticated arbitrary file upload flaw. This vulnerability lies in the plugin’s rest_upload function within the files.php module, allowing any unauthenticated user to upload arbitrary files, potentially leading to remote code execution on the affected system. The lack of proper file type and extension validation poses a significant security risk.
To address this vulnerability, the plugin’s development team has released a patch in version 1.9.99. The patch includes a permission check on the custom REST API endpoint and implements file type and extension checks using the wp_check_filetype_and_ext function. Users are strongly advised to update their AI Engine plugin to at least version 1.9.99 to ensure protection against potential exploitation. The identifier CVE-2023-51409 has been assigned to track this security issue. The Patchstack advisory emphasizes the importance of checking every process of $_FILES parameters in the plugin or theme code and applying thorough checks on filenames and extensions before file uploads.
This discovery highlights the critical need for users to stay vigilant about WordPress plugin security and promptly update vulnerable plugins to mitigate potential risks. The implementation of proper security checks and adherence to best practices are crucial to safeguarding WordPress sites against emerging threats and vulnerabilities.
