CVE-2025-7847 Overview
CVE-2025-7847 is an arbitrary file upload vulnerability in the AI Engine plugin for WordPress, affecting versions 2.9.3 and 2.9.4. The flaw resides in the rest_simpleFileUpload() function, which fails to validate the type of files submitted through the REST API. Authenticated users with Subscriber-level access or higher can upload arbitrary files to the server when the REST API is enabled. Successful exploitation may lead to remote code execution on the affected WordPress installation. The vulnerability is classified under CWE-434: Unrestricted Upload of File with Dangerous Type.
Critical Impact
Authenticated attackers with minimal privileges can upload executable files and achieve remote code execution on vulnerable WordPress sites.
Affected Products
- AI Engine plugin for WordPress version 2.9.3
- AI Engine plugin for WordPress version 2.9.4
- WordPress installations with the AI Engine REST API enabled
Discovery Timeline
- 2025-07-31 - CVE-2025-7847 published to the National Vulnerability Database (NVD)
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-7847
Vulnerability Analysis
The AI Engine plugin exposes a REST API endpoint backed by the rest_simpleFileUpload() function defined in classes/api.php. This endpoint accepts file uploads from authenticated users but does not enforce a server-side allowlist of permitted file extensions or MIME types. As a result, an attacker can submit files containing PHP code or other executable content. Once written to a web-accessible directory, the uploaded file can be requested directly to trigger code execution within the WordPress process context.
The network-reachable attack surface combined with the low privilege requirement makes exploitation broadly feasible across multi-user WordPress sites that permit subscriber registration. No user interaction beyond the attacker's own authenticated session is required.
Root Cause
The root cause is missing input validation on the file upload handler. The rest_simpleFileUpload() function in classes/api.php and the supporting logic in classes/modules/files.php do not verify the extension, MIME type, or magic bytes of incoming file content before persisting it to disk. This omission falls squarely within CWE-434.
Attack Vector
Exploitation requires an authenticated session at the Subscriber role or above. Many WordPress sites permit open subscriber registration, which lowers the practical barrier to entry. The attacker issues an authenticated request to the vulnerable REST API endpoint with a malicious payload, such as a .php file. After the file is stored on the server, the attacker requests the resulting URL to execute the payload. See the WordPress AI Engine API Code and WordPress AI Engine Files Code for the affected code paths.
No verified public proof-of-concept code is referenced in the advisory. Refer to the Wordfence Vulnerability Report for additional context.
Detection Methods for CVE-2025-7847
Indicators of Compromise
- New or unexpected files with executable extensions such as .php, .phtml, or .phar appearing in the WordPress wp-content/uploads/ directory tree.
- Outbound network connections originating from the web server process to unfamiliar hosts shortly after subscriber-account activity.
- New low-privilege WordPress user registrations followed by REST API requests to AI Engine endpoints.
- Modified or newly created WordPress administrator accounts and unexpected scheduled tasks (wp-cron entries).
Detection Strategies
- Inspect web server access logs for POST requests to AI Engine REST routes (paths containing /wp-json/mwai/) originating from low-privilege users.
- Hash and baseline files within wp-content/uploads/ to flag the appearance of script files in directories that should contain only media.
- Correlate authentication events for newly created Subscriber accounts with subsequent file upload activity through REST endpoints.
Monitoring Recommendations
- Enable WordPress audit logging for REST API requests, plugin activity, and user role changes.
- Monitor PHP process execution from within the uploads directory; web servers should never execute scripts from media paths.
- Alert on file integrity changes in plugin and upload directories using file integrity monitoring tooling.
How to Mitigate CVE-2025-7847
Immediate Actions Required
- Update the AI Engine plugin to a version newer than 2.9.4 that includes the fix from Changeset #3329842.
- Audit all files under wp-content/uploads/ for executable scripts and remove any that are not legitimate media assets.
- Review user accounts for unauthorized Subscriber or higher-privilege registrations created during the exposure window.
- Rotate WordPress administrator credentials and API keys if compromise is suspected.
Patch Information
The vendor addressed the issue by adding file type validation to the REST upload handler. The relevant fix is captured in Changeset #3329842 and a follow-up changeset history. Upgrading to the latest AI Engine release is the authoritative remediation.
Workarounds
- Disable the AI Engine plugin until it can be updated on affected sites.
- Disable open user registration, or restrict the default registration role to prevent untrusted Subscriber accounts.
- Use a web application firewall (WAF) rule to block requests to AI Engine REST upload endpoints from non-administrative users.
- Configure the web server to deny PHP execution within the wp-content/uploads/ directory tree.
# Apache: deny PHP execution in the WordPress uploads directory
# Place in wp-content/uploads/.htaccess
<FilesMatch "\.(php|phtml|phar|php7|php8)$">
Require all denied
</FilesMatch>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

