AI Engine WordPress Plugin Arbitrary File Upload Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability exists in the AI Engine WordPress plugin, specifically in versions through 3.3.2. The issue arises from inadequate file type validation in the 'rest_helpers_update_media_metadata' function, allowing authenticated attackers with Editor-level access or higher to upload arbitrary files to the server. This vulnerability could lead to remote code execution. Exploitation involves uploading a harmless image file, then using the 'update_media_metadata' endpoint to rename it to a PHP file, thereby creating an executable PHP file in the uploads directory.
Impact
Successful exploitation allows for arbitrary file uploads, which could be used to execute malicious PHP scripts on the server, potentially leading to a full compromise of the affected site.
Reproduction
To reproduce this vulnerability, an authenticated user with Editor-level access or higher can upload an image file through the 'update_media_metadata' endpoint. The uploaded file can then be renamed to a PHP file, creating an executable script in the uploads directory.
Remediation
Users are advised to update the AI Engine WordPress plugin to version 3.3.3 or a newer patched version.
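As a check to run alongside the update, the following added example (not code from the AI Engine plugin or from this advisory) walks an uploads directory and reports files with a PHP-executable extension, noting when the content still carries image magic bytes, which is the artifact the rename described above would leave behind. The extension list, the function names, the default `wp-content/uploads` location and the sample files are assumptions made for illustration.

```python
import os
import sys

# Assumption: extensions the web server hands to PHP; match this to your handler config.
EXEC_EXTS = {".php", ".phtml", ".phar", ".pht", ".php3", ".php4", ".php5", ".php7"}
# Leading magic bytes of common image formats.
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
               b"GIF87a": "gif", b"GIF89a": "gif"}


def image_type(path):
    """Return the image format named by the file's magic bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, name in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return name
    return None


def scan_uploads(root):
    """List (relative path, image type or None) for PHP-executable files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                path = os.path.join(dirpath, name)
                findings.append((os.path.relpath(path, root), image_type(path)))
    return sorted(findings, key=lambda f: f[0])


def build_sample_tree(root):
    """Constructed sample data: a normal image, a renamed image, a plain script."""
    month = os.path.join(root, "2025", "01")
    os.makedirs(month)
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    samples = {"photo.png": png, "renamed.php": png, "other.PHP": b"<?php /* constructed */"}
    for name, data in samples.items():
        with open(os.path.join(month, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    # Usage: python scan_uploads.py /path/to/wp-content/uploads
    for rel, kind in scan_uploads(sys.argv[1]):
        note = f"image content ({kind}) under executable extension" if kind else "script"
        print(f"{rel}: {note}")
```

Any hit under the uploads directory deserves review, since media uploads should not normally contain files the PHP handler will execute.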
