A critical vulnerability in the AI Engine WordPress plugin allows authenticated users to upload malicious files and potentially execute remote code, risking full site compromise. Rapid patching and proper validation are essential to prevent exploitation, especially when the “Public API” feature is enabled. #CVE-2025-7847 #AIEngine #WordPressSecurity
Key points
- The vulnerability affects WordPress sites using versions 2.9.3 and 2.9.4 of the AI Engine plugin.
- Authenticated users with subscriber-level access can exploit the flaw if the “Public API” is enabled.
- The issue stems from inadequate file type validation in the plugin’s upload functions.
- Jordy Meow released version 2.9.5 on July 22, 2025, fixing the flaw with improved validation measures.
- Site owners are urged to update to the latest version immediately, especially if they use the public API feature.
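
An added example, not from the original article or the plugin: a Python check that reads WordPress plugin headers under a plugins directory and flags the AI Engine versions listed above as affected. The header value `AI Engine` and the sample header are assumptions, and the script does not check whether the "Public API" feature is enabled.

```python
import re
from pathlib import Path

# Versions the page lists as affected; 2.9.5 is the fixed release.
AFFECTED = {(2, 9, 3), (2, 9, 4)}
FIXED = (2, 9, 5)

# WordPress reads plugin metadata from "Field: value" lines in the
# leading comment of the plugin's main PHP file.
HEADER_RE = r"^[ \t/*#@]*{field}:(.*)$"

def read_header(source: str, field: str):
    """Return one header field from the first 8 KB of a plugin file, or None."""
    pattern = HEADER_RE.format(field=re.escape(field))
    m = re.search(pattern, source[:8192], re.I | re.M)
    return m.group(1).strip() if m else None

def parse_version(text):
    """Turn '2.9.4' into (2, 9, 4); return None if it is not purely numeric."""
    if not text or not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # pad '2.9' to (2, 9, 0)

def classify(source: str) -> str:
    """Return 'not-ai-engine', 'affected', 'fixed', 'older' or 'unknown'."""
    name = read_header(source, "Plugin Name") or ""
    if name.lower() != "ai engine":  # assumed header value for this plugin
        return "not-ai-engine"
    version = parse_version(read_header(source, "Version"))
    if version is None:
        return "unknown"  # header present but version missing or non-numeric
    if version in AFFECTED:
        return "affected"
    # 'older' means earlier than 2.9.3, which the page does not list as affected.
    return "fixed" if version >= FIXED else "older"

def scan(plugins_dir: str):
    """Yield (path, verdict) for each AI Engine main file under plugins_dir."""
    for php in Path(plugins_dir).glob("*/*.php"):
        verdict = classify(php.read_text(errors="replace"))
        if verdict != "not-ai-engine":
            yield str(php), verdict

# Constructed sample header, not copied from the plugin.
SAMPLE = "<?php\n/*\nPlugin Name: AI Engine\nVersion: 2.9.4\n*/\n"
```

Point `scan()` at a site's `wp-content/plugins` directory; any `affected` or `unknown` verdict is a site to update or inspect by hand.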
Read More: https://thecyberexpress.com/ai-engine-plugin-vulnerability/