Kalrav AI Agent WordPress Plugin Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability in the Kalrav AI Agent plugin for WordPress, present in all versions through 2.3.3, allows for arbitrary file uploads. This issue arises from inadequate file type validation in the 'kalrav_upload_file' AJAX action. As a result, unauthenticated attackers can upload arbitrary files to the server, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability could result in unauthorized file uploads, with the potential for remote code execution on the affected server.

Added: Jan 24, 2026, 8:41 AM

Updated: Jan 24, 2026, 8:41 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.7

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.7

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Kalrav AI Agent WordPress Plugin Arbitrary File Upload Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating