CVE-2025-13374 Overview
The Kalrav AI Agent plugin for WordPress contains a critical arbitrary file upload vulnerability in all versions up to and including 2.3.3. The vulnerability exists in the kalrav_upload_file AJAX action, which lacks proper file type validation, allowing unauthenticated attackers to upload arbitrary files to the affected site's server. Successful exploitation of this vulnerability can lead to remote code execution (RCE), enabling attackers to gain complete control over the compromised WordPress installation.
Critical Impact
Unauthenticated remote code execution through arbitrary file upload, potentially allowing full server compromise without any authentication requirements.
Affected Products
- Kalrav AI Agent WordPress Plugin version 2.3.3 and earlier
- WordPress installations with vulnerable Kalrav AI Agent plugin active
- Web servers hosting affected WordPress sites
Discovery Timeline
- 2026-01-24 - CVE-2025-13374 published to NVD
- 2026-01-26 - Last updated in NVD database
Technical Details for CVE-2025-13374
Vulnerability Analysis
This vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The kalrav_upload_file AJAX action in the Kalrav AI Agent plugin fails to validate the type of uploaded files before processing them. This missing check allows attackers to bypass intended security controls and upload executable files such as PHP web shells directly to the server's file system.
The vulnerability is particularly severe because it requires no authentication to exploit. The AJAX action is exposed to unauthenticated users, meaning any remote attacker can craft malicious requests to upload arbitrary files. Once a malicious PHP file is uploaded, the attacker can execute it by directly accessing the uploaded file's URL, achieving remote code execution on the target server.
Root Cause
The root cause of this vulnerability is the absence of file type validation in the kalrav_upload_file AJAX handler located at line 967 of kalrav-ai-agent.php. The function processes file uploads without checking the file extension, MIME type, or file contents against an allowlist of safe file types. This missing security control allows attackers to upload files with dangerous extensions such as .php, .phtml, or other executable formats that the web server will process.
Attack Vector
The attack vector is network-based, requiring no authentication, no user interaction, and low complexity to exploit. An attacker can send a crafted HTTP POST request to the WordPress AJAX endpoint (/wp-admin/admin-ajax.php) with the action parameter set to kalrav_upload_file and a malicious file attachment.
The typical attack flow involves:
- The attacker identifies a WordPress site using the vulnerable Kalrav AI Agent plugin
- A malicious PHP file (web shell) is crafted and sent via the AJAX upload endpoint
- The plugin processes the upload without validation and stores the file on the server
- The attacker accesses the uploaded file's URL to execute arbitrary PHP code
- Full server compromise is achieved through the web shell
For detailed technical analysis, see the WordPress Plugin Code Review and the Wordfence Vulnerability Report.
Detection Methods for CVE-2025-13374
Indicators of Compromise
- Unexpected PHP files in WordPress upload directories, particularly files with obfuscated or encoded content
- HTTP POST requests to /wp-admin/admin-ajax.php with action=kalrav_upload_file from external IPs
- New or modified files with suspicious names or non-standard extensions in the wp-content/uploads/ directory
- Web shell signatures in uploaded files (e.g., system(), exec(), passthru(), shell_exec() functions)
Detection Strategies
- Monitor web server access logs for POST requests to admin-ajax.php containing kalrav_upload_file action
- Implement file integrity monitoring on WordPress directories to detect unauthorized file creation
- Deploy web application firewall (WAF) rules to block file upload requests containing executable file extensions
- Review server logs for unusual outbound connections that may indicate post-exploitation activity
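As an added example (not part of the original advisory or of the plugin), the log-based indicators above turned into a small detection script run over constructed Apache access-log lines; the IPs, paths and timestamps are made up. Note that admin-ajax.php normally receives the action parameter in the POST body, where access logs cannot see it, so the second rule (PHP files requested from wp-content/uploads/) is the dependable one.

```python
import re

# Constructed sample lines in Apache combined log format (not real traffic).
# Line 3 shows the common case where the action is sent in the POST body and so
# never appears in the access log; rule 2 below is what still catches that case.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Jan/2026:10:14:03 +0000] "POST /wp-admin/admin-ajax.php?action=kalrav_upload_file HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [25/Jan/2026:10:14:09 +0000] "GET /wp-content/uploads/2026/01/cache.php HTTP/1.1" 200 128 "-" "curl/8.4.0"
192.0.2.10 - - [25/Jan/2026:10:15:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 64 "https://example.test/" "Mozilla/5.0"
192.0.2.11 - - [25/Jan/2026:10:15:30 +0000] "GET /wp-content/uploads/2026/01/photo.jpg HTTP/1.1" 200 40960 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Extensions a typical Apache/mod_php setup hands to the PHP interpreter.
PHP_EXT_RE = re.compile(r'\.(php[0-9]?|phtml|pht|phar|phps)$', re.IGNORECASE)
# Command-execution functions listed under Indicators of Compromise above.
SHELL_FUNCS = re.compile(rb'\b(system|exec|passthru|shell_exec|popen|proc_open)\s*\(', re.IGNORECASE)


def scan_access_log(text):
    """Return (client_ip, rule, path) tuples for requests matching either rule."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"]
        url = path.split("?", 1)[0]
        # Rule 1: the vulnerable AJAX action, when it is visible in the query string.
        if url.endswith("/wp-admin/admin-ajax.php") and "action=kalrav_upload_file" in path:
            findings.append((m["ip"], "upload_action", path))
        # Rule 2: PHP served from wp-content/uploads/, which should never happen on a
        # healthy site and is what a successful upload followed by RCE looks like.
        if "/wp-content/uploads/" in url and PHP_EXT_RE.search(url):
            findings.append((m["ip"], "php_in_uploads", path))
    return findings


def looks_like_web_shell(content):
    """Cheap triage for a file found in uploads/: PHP open tag plus a command-execution call.
    Obfuscated shells (base64, string concatenation) evade this; treat any PHP file
    under uploads/ as suspect regardless of the result."""
    return b"<?php" in content and SHELL_FUNCS.search(content) is not None


if __name__ == "__main__":
    for ip, rule, path in scan_access_log(SAMPLE_LOG):
        print(f"{rule:15s} {ip:15s} {path}")
```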
Monitoring Recommendations
- Enable detailed logging for WordPress AJAX actions and file upload operations
- Configure alerts for new file creation events in WordPress directories, especially for PHP files
- Monitor for process spawning from web server processes (e.g., www-data or apache user)
- Implement network-level monitoring for command and control traffic patterns
How to Mitigate CVE-2025-13374
Immediate Actions Required
- Update the Kalrav AI Agent plugin to a patched version if available
- Deactivate and remove the Kalrav AI Agent plugin if no patch is available or if the plugin is not essential
- Conduct a security audit of the WordPress uploads directory for any suspicious files
- Review web server access logs for evidence of exploitation attempts
Patch Information
Check the WordPress Plugin Repository for the latest version of the Kalrav AI Agent plugin with security fixes. Organizations should prioritize updating to a patched version or removing the plugin entirely. Additional vulnerability details are available from the Wordfence Vulnerability Report.
Workarounds
- Disable the plugin entirely until a security patch is released
- Implement WAF rules to block requests to the kalrav_upload_file AJAX action
- Restrict access to admin-ajax.php for unauthenticated users where feasible
- Configure file upload restrictions at the web server level to prevent PHP file uploads
# Apache configuration to stop the web server executing PHP placed in the uploads directory.
# <Directory> blocks are only valid in httpd.conf or a virtual host file; if you use an .htaccess
# file inside wp-content/uploads/ instead, keep only the <FilesMatch> block. Requires Apache 2.4
# ("Require all denied"). Matching only the final extension does not cover names such as
# shell.php.jpg on servers whose handler mapping treats every dotted segment as an extension.
<Directory "/var/www/html/wp-content/uploads">
    <FilesMatch "(?i)\.(php[0-9]?|phtml|pht|phar|phps)$">
        Require all denied
    </FilesMatch>
</Directory>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.