Skip to main content
CVE Vulnerability Database

CVE-2025-7847: AI Engine WordPress Plugin RCE Vulnerability

CVE-2025-7847 is a remote code execution flaw in AI Engine WordPress plugin affecting versions 2.9.3 and 2.9.4. Attackers with Subscriber-level access can upload malicious files. This article covers technical details, affected versions, impact, and mitigation.

Published:

CVE-2025-7847 Overview

CVE-2025-7847 is an arbitrary file upload vulnerability in the AI Engine plugin for WordPress, affecting versions 2.9.3 and 2.9.4. The flaw resides in the rest_simpleFileUpload() function, which fails to validate the type of files submitted through the REST API. Authenticated users with Subscriber-level access or higher can upload arbitrary files to the server when the REST API is enabled. Successful exploitation may lead to remote code execution on the affected WordPress installation. The vulnerability is classified under CWE-434: Unrestricted Upload of File with Dangerous Type.

Critical Impact

Authenticated attackers with minimal privileges can upload executable files and achieve remote code execution on vulnerable WordPress sites.

Affected Products

  • AI Engine plugin for WordPress version 2.9.3
  • AI Engine plugin for WordPress version 2.9.4
  • WordPress installations with the AI Engine REST API enabled

Discovery Timeline

  • 2025-07-31 - CVE-2025-7847 published to the National Vulnerability Database (NVD)
  • 2026-04-15 - Last updated in NVD database

Technical Details for CVE-2025-7847

Vulnerability Analysis

The AI Engine plugin exposes a REST API endpoint backed by the rest_simpleFileUpload() function defined in classes/api.php. This endpoint accepts file uploads from authenticated users but does not enforce a server-side allowlist of permitted file extensions or MIME types. As a result, an attacker can submit files containing PHP code or other executable content. Once written to a web-accessible directory, the uploaded file can be requested directly to trigger code execution within the WordPress process context.

The network-reachable attack surface combined with the low privilege requirement makes exploitation broadly feasible across multi-user WordPress sites that permit subscriber registration. No user interaction beyond the attacker's own authenticated session is required.

Root Cause

The root cause is missing input validation on the file upload handler. The rest_simpleFileUpload() function in classes/api.php and the supporting logic in classes/modules/files.php do not verify the extension, MIME type, or magic bytes of incoming file content before persisting it to disk. This omission falls squarely within CWE-434.

Attack Vector

Exploitation requires an authenticated session at the Subscriber role or above. Many WordPress sites permit open subscriber registration, which lowers the practical barrier to entry. The attacker issues an authenticated request to the vulnerable REST API endpoint with a malicious payload, such as a .php file. After the file is stored on the server, the attacker requests the resulting URL to execute the payload. See the WordPress AI Engine API Code and WordPress AI Engine Files Code for the affected code paths.

No verified public proof-of-concept code is referenced in the advisory. Refer to the Wordfence Vulnerability Report for additional context.

Detection Methods for CVE-2025-7847

Indicators of Compromise

  • New or unexpected files with executable extensions such as .php, .phtml, or .phar appearing in the WordPress wp-content/uploads/ directory tree.
  • Outbound network connections originating from the web server process to unfamiliar hosts shortly after subscriber-account activity.
  • New low-privilege WordPress user registrations followed by REST API requests to AI Engine endpoints.
  • Modified or newly created WordPress administrator accounts and unexpected scheduled tasks (wp-cron entries).

Detection Strategies

  • Inspect web server access logs for POST requests to AI Engine REST routes (paths containing /wp-json/mwai/) originating from low-privilege users.
  • Hash and baseline files within wp-content/uploads/ to flag the appearance of script files in directories that should contain only media.
  • Correlate authentication events for newly created Subscriber accounts with subsequent file upload activity through REST endpoints.

Monitoring Recommendations

  • Enable WordPress audit logging for REST API requests, plugin activity, and user role changes.
  • Monitor PHP process execution from within the uploads directory; web servers should never execute scripts from media paths.
  • Alert on file integrity changes in plugin and upload directories using file integrity monitoring tooling.

How to Mitigate CVE-2025-7847

Immediate Actions Required

  • Update the AI Engine plugin to a version newer than 2.9.4 that includes the fix from Changeset #3329842.
  • Audit all files under wp-content/uploads/ for executable scripts and remove any that are not legitimate media assets.
  • Review user accounts for unauthorized Subscriber or higher-privilege registrations created during the exposure window.
  • Rotate WordPress administrator credentials and API keys if compromise is suspected.

Patch Information

The vendor addressed the issue by adding file type validation to the REST upload handler. The relevant fix is captured in Changeset #3329842 and a follow-up changeset history. Upgrading to the latest AI Engine release is the authoritative remediation.

Workarounds

  • Disable the AI Engine plugin until it can be updated on affected sites.
  • Disable open user registration, or restrict the default registration role to prevent untrusted Subscriber accounts.
  • Use a web application firewall (WAF) rule to block requests to AI Engine REST upload endpoints from non-administrative users.
  • Configure the web server to deny PHP execution within the wp-content/uploads/ directory tree.
bash
# Apache: deny PHP execution in the WordPress uploads directory
# Place in wp-content/uploads/.htaccess
<FilesMatch "\.(php|phtml|phar|php7|php8)$">
    Require all denied
</FilesMatch>

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.