WordPress AI Engine Plugin Open Redirect Vulnerability
Vulnerability
An open redirect vulnerability has been identified in the AI Engine plugin for WordPress, specifically in version 2.8.4. The issue arises from an insecure OAuth implementation in which the 'redirect_uri' parameter is not properly validated during the authorization process. As a result, unauthenticated attackers can intercept the authorization code and obtain an access token by redirecting users to an attacker-controlled URI. Although OAuth is currently disabled in the plugin, the vulnerable code remains present and could be reactivated.
Impact
Exploitation of this vulnerability allows for open redirect attacks, where users can be sent to untrusted sites, potentially leading to phishing or other malicious activities.
Reproduction
To reproduce this vulnerability, initiate the OAuth authorization flow by requesting an authorization code. Since the 'redirect_uri' parameter is not validated, it can be manipulated to point to an attacker-controlled site. After the user is redirected and the authorization code is intercepted, it can be exchanged for an access token, granting unauthorized access.
Remediation
Users are advised to update the AI Engine plugin to version 2.8.5 or later, where this vulnerability has been patched.
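For developers reviewing similar OAuth code, the following added example (not the AI Engine plugin's code or its 2.8.5 patch) shows the kind of 'redirect_uri' check whose absence is described above: exact string matching against URIs registered per client. The registry, function name, client id and URLs are hypothetical and constructed for illustration.

```php
<?php
// Added example: REGISTERED_REDIRECTS, validate_redirect_uri(), the client id
// and all URLs are hypothetical and are not taken from AI Engine.

// Constructed registry: each OAuth client maps to the exact redirect URIs
// it registered ahead of time.
const REGISTERED_REDIRECTS = [
    'demo-client' => ['https://app.example.com/oauth/callback'],
];

/**
 * Return the redirect URI if it exactly matches one registered by the client,
 * otherwise null. On null the caller shows an error page and never redirects
 * to the supplied value.
 */
function validate_redirect_uri(string $client_id, string $redirect_uri): ?string
{
    $allowed = REGISTERED_REDIRECTS[$client_id] ?? [];
    // Exact string comparison: no prefix, substring or host-only matching,
    // so look-alike hosts and appended paths or query strings are rejected.
    if (!in_array($redirect_uri, $allowed, true)) {
        return null;
    }
    // Defence in depth on the registered value itself.
    $parts = parse_url($redirect_uri);
    if ($parts === false
        || ($parts['scheme'] ?? '') !== 'https'
        || isset($parts['fragment'])
        || isset($parts['user'])) {
        return null;
    }
    return $redirect_uri;
}

// Constructed sample values for the 'redirect_uri' request parameter.
$samples = [
    'https://app.example.com/oauth/callback',                   // registered
    'https://attacker.example/collect',                         // unregistered host
    'https://app.example.com.attacker.example/oauth/callback',  // look-alike host
    'https://app.example.com/oauth/callback?next=//attacker.example',
    'http://app.example.com/oauth/callback',                    // scheme downgrade
];
foreach ($samples as $uri) {
    $ok = validate_redirect_uri('demo-client', $uri) !== null;
    printf("%-62s %s\n", $uri, $ok ? 'ACCEPT' : 'REJECT');
}
```

The same comparison belongs at the token endpoint as well: the 'redirect_uri' sent when exchanging the code should be checked against the one used in the authorization request, so a code issued for one URI cannot be redeemed with another.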
