WordPress AI Engine Plugin vulnerable to malicious file upload and remote code execution
Take action: If you run the AI Engine WordPress plugin, check whether the "Public API" option is enabled. If it is, update to 2.9.5 or later immediately, or disable the option until you can. If it is not, the flaw is not reachable, but still apply the update as part of regular plugin maintenance.
Learn More
A security vulnerability in the AI Engine WordPress plugin has been reported that allows authenticated users with minimal privileges to upload arbitrary files and potentially achieve remote code execution.
The flaw is tracked as CVE-2025-7847 (CVSS score 8.8). It is an arbitrary file upload flaw in the plugin's rest_simpleFileUpload() function, which does not validate the type of the uploaded file. In affected versions, when the "Public API" option is enabled, any authenticated user can call the plugin's REST endpoint /mwai/v1/simpleFileUpload. Because no file type check is enforced, an attacker can upload an executable PHP script into the web-served WordPress uploads directory and then request it with a browser, running it on the server and achieving remote code execution.
The vulnerability affects AI Engine versions 2.9.3 and 2.9.4, released in mid-July 2025. The vulnerable code was introduced on July 17, 2025, and discovered one day later, on July 18, 2025, by security researcher ISMAILSHADOW through the Wordfence Bug Bounty Program.
The vulnerability is not exploitable on every AI Engine installation. Exploitation requires all of the following:
- the "Public API" option in the plugin settings is enabled,
- no Bearer Token or other custom authentication method has been configured for the public API, and
- the attacker has an authenticated account on the site; subscriber-level privileges are enough.
The plugin developer released the patched version 2.9.5 on July 22, 2025.
Site administrators using the AI Engine plugin should update to version 2.9.5 or later. Sites with the Public API option enabled are at elevated risk and should treat the update as a critical security priority; those unable to update immediately should disable the Public API option until the patch can be applied. Updating does not remove files that were already uploaded, so sites that were exposed while running 2.9.3 or 2.9.4 should also check the uploads directory for unexpected PHP files and review web server access logs for requests to the upload endpoint.
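The two checks above, as an added example that is not from the plugin vendor or the advisory: it scans a web server access log for calls to the upload route and for fetches of executable files under the uploads directory, and walks an uploads tree for files a PHP-enabled server would execute. The log lines and the file tree are constructed for the demonstration; the /wp-json/ prefix and the ?rest_route= fallback are standard WordPress REST routing, and the list of executable extensions is an assumption that should be adjusted to the server's actual handler configuration.

```python
"""Post-exposure checks for a site that ran AI Engine 2.9.3 or 2.9.4 with the
Public API enabled.

Added example, not from the plugin vendor or the advisory. The log lines and
the file tree are constructed; the REST URL forms are standard WordPress
routing; the executable-extension list is an assumption to adjust per server.
"""
import os
import re
import tempfile

EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "php8",
                   "phtml", "phar", "phps", "pht"}
UPLOAD_ROUTE = "mwai/v1/simpleFileUpload"

# Apache/Nginx combined log format; enough fields for triage.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log: one account logs in, calls the upload route, then
# fetches the file it uploaded; a second caller is refused with 401.
SAMPLE_LOG = """\
203.0.113.10 - - [18/Jul/2025:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.10 - - [18/Jul/2025:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [18/Jul/2025:10:01:15 +0000] "POST /wp-json/mwai/v1/simpleFileUpload HTTP/1.1" 200 87 "-" "python-requests/2.32"
203.0.113.10 - - [18/Jul/2025:10:01:20 +0000] "GET /wp-content/uploads/2025/07/shell.php?c=id HTTP/1.1" 200 41 "-" "python-requests/2.32"
198.51.100.7 - - [18/Jul/2025:10:05:00 +0000] "POST /?rest_route=/mwai/v1/simpleFileUpload HTTP/1.1" 401 52 "-" "curl/8.5"
192.0.2.5 - - [18/Jul/2025:10:09:31 +0000] "GET /wp-json/mwai/v1/settings HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def is_executable_name(path: str) -> bool:
    """True if any extension segment of the file name is one PHP would run,
    case-insensitively and including double extensions like a.php.png."""
    name = os.path.basename(path.split("?", 1)[0]).lower()
    return bool(EXECUTABLE_EXTS.intersection(name.split(".")[1:]))


def parse_log(log_text: str):
    """Parse combined-format lines into dicts; unparseable lines are skipped."""
    return [m.groupdict() for m in map(LOG_LINE.match, log_text.splitlines()) if m]


def find_upload_requests(log_text: str):
    """(ip, timestamp, status, url) for every call to the upload route.
    A 200 on an exposed version deserves a look; 401/403 means the call
    was refused."""
    return [(r["ip"], r["ts"], int(r["status"]), r["url"])
            for r in parse_log(log_text) if UPLOAD_ROUTE in r["url"]]


def find_webshell_fetches(log_text: str):
    """(ip, url, status) for requests of executable files under uploads,
    the second stage of the attack the advisory describes."""
    return [(r["ip"], r["url"], int(r["status"])) for r in parse_log(log_text)
            if r["url"].startswith("/wp-content/uploads/") and is_executable_name(r["url"])]


def find_executable_files(uploads_root: str):
    """Sorted relative paths of files under uploads_root that a PHP-enabled
    server would execute. A clean WordPress uploads tree contains none."""
    hits = []
    for dirpath, _, files in os.walk(uploads_root):
        for fname in files:
            if is_executable_name(fname):
                rel = os.path.relpath(os.path.join(dirpath, fname), uploads_root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def demo_scan():
    """Build a constructed uploads tree in a temp dir, scan it, clean up."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in {
            "2025/07/photo.jpg": b"\xff\xd8\xff",
            "2025/07/shell.php": b"<?php system($_GET['c']); ?>",
            "notes.PHP": b"<?php phpinfo(); ?>",
            "image.php.png": b"\x89PNG",
            "2025/07/report.pdf": b"%PDF-",
        }.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return find_executable_files(root)


if __name__ == "__main__":
    print("upload route calls:", find_upload_requests(SAMPLE_LOG))
    print("fetches of executables under uploads:", find_webshell_fetches(SAMPLE_LOG))
    print("executable files in uploads tree:", demo_scan())
```

On a real site, point find_executable_files at the actual wp-content/uploads directory and feed the access log to the two log functions; a successful call to the upload route followed by a request for a script under uploads from the same client is the pattern to treat as a compromise rather than a scan. Any file the scan reports should be preserved for analysis before removal, and the account that made the upload call should be reviewed, since the flaw required an authenticated user.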