A critical vulnerability has been identified in the AI Engine plugin for WordPress, specifically affecting its free version, which has more than 50,000 active installations.
The plugin is widely used for its AI-related features, allowing site owners to create chatbots, manage content and use AI tools such as translation, SEO and more.
According to an advisory published today by Patchstack, the security flaw is an unauthenticated arbitrary file upload vulnerability in the plugin's rest_upload function within the files.php module.
The vulnerability allows any unauthenticated user to upload arbitrary files, including malicious PHP files, which can lead to remote code execution on the affected server.
Notably, the permission_callback parameter of the affected REST API endpoint is set to __return_true, so any anonymous request can reach the vulnerable function. The code also lacks proper file type and extension validation, so a file named with a .php extension is accepted as-is; on a default WordPress configuration the uploads directory is served directly by the web server, so the attacker can then request the file and have it executed. The combination of the missing permission check and the missing extension check is what makes the flaw exploitable without credentials.
To mitigate the vulnerability, the plugin's development team released a patch in version 1.9.99. The patch adds a permission check to the custom REST API endpoint and validates the uploaded file's type and extension using the WordPress core function wp_check_filetype_and_ext, which rejects extensions that are not in the site's allowed MIME type list.
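The two defects Patchstack describes (a permission_callback of __return_true and no file type or extension validation) next to the two controls the 1.9.99 patch is reported to add, as an added PHP illustration written for this page; it is not AI Engine's own code and does not reproduce its rest_upload function. The route name example-ai/v1/files/upload, the handler names and the assumption that the multipart field is called file are hypothetical; register_rest_route, wp_check_filetype_and_ext, current_user_can, wp_upload_dir, wp_unique_filename and sanitize_file_name are real WordPress core APIs.

```php
<?php
// Added example, not the plugin's code. Route and handler names are hypothetical.

/*
 * BEFORE: the pattern described in the advisory. permission_callback of
 * __return_true makes the route reachable by anonymous visitors, and the
 * handler trusts the client-supplied file name, so "shell.php" is written
 * into the web-accessible uploads directory.
 */
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-ai/v1', '/files/upload', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_rest_upload_vulnerable',
        'permission_callback' => '__return_true', // anyone may call this route
    ) );
} );

function example_rest_upload_vulnerable( WP_REST_Request $request ) {
    $files = $request->get_file_params(); // the $_FILES array for this request
    if ( empty( $files['file'] ) ) {
        return new WP_Error( 'no_file', 'No file uploaded.', array( 'status' => 400 ) );
    }
    $upload = wp_upload_dir();
    // No extension or MIME check; the name is taken verbatim from the request.
    $dest = $upload['path'] . '/' . $files['file']['name'];
    move_uploaded_file( $files['file']['tmp_name'], $dest );
    return new WP_REST_Response( array( 'url' => $upload['url'] . '/' . $files['file']['name'] ), 201 );
}

/*
 * AFTER: the two controls the advisory says the fix introduced, written here
 * as a generic hardened handler.
 */
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-ai/v1', '/files/upload-safe', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_rest_upload_hardened',
        // 1. Permission check. For cookie-based REST calls WordPress only
        //    resolves the user when a valid X-WP-Nonce is sent, so an
        //    anonymous or nonce-less request fails current_user_can().
        'permission_callback' => function () {
            return is_user_logged_in() && current_user_can( 'upload_files' );
        },
    ) );
} );

function example_rest_upload_hardened( WP_REST_Request $request ) {
    $files = $request->get_file_params();
    if ( empty( $files['file'] ) || ! is_uploaded_file( $files['file']['tmp_name'] ) ) {
        return new WP_Error( 'no_file', 'No file uploaded.', array( 'status' => 400 ) );
    }
    $file = $files['file'];
    $name = sanitize_file_name( $file['name'] );

    // 2. Type and extension check. wp_check_filetype_and_ext() inspects the
    //    real file contents as well as the extension and only returns an
    //    ext/type pair for MIME types in get_allowed_mime_types(). PHP
    //    extensions (.php, .phtml, .phar, ...) are not in that list, so they
    //    come back with ext === false and are rejected here.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $name );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'invalid_type', 'File type not permitted.', array( 'status' => 415 ) );
    }
    if ( ! empty( $check['proper_filename'] ) ) {
        // Content did not match the extension (e.g. a JPEG named .png);
        // core suggests a corrected name, use it instead of the client's.
        $name = $check['proper_filename'];
    }

    $upload = wp_upload_dir();
    if ( ! empty( $upload['error'] ) ) {
        return new WP_Error( 'upload_dir', $upload['error'], array( 'status' => 500 ) );
    }
    // Avoid overwriting an existing file with a colliding name.
    $name = wp_unique_filename( $upload['path'], $name );
    $dest = $upload['path'] . '/' . $name;
    if ( ! move_uploaded_file( $file['tmp_name'], $dest ) ) {
        return new WP_Error( 'move_failed', 'Could not store file.', array( 'status' => 500 ) );
    }
    return new WP_REST_Response( array( 'url' => $upload['url'] . '/' . $name ), 201 );
}
```

The explicit wp_check_filetype_and_ext call is shown to make the control visible; in practice wp_handle_upload() with 'test_form' => false performs the same check internally and is the more common idiom. Note that the permission check alone is not sufficient: an authenticated low-privilege account could still upload a PHP file if the extension check were missing, and the extension check alone would still let anonymous users fill the uploads directory, which is why the patch needed both.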
In light of these findings, users are strongly advised to update the AI Engine plugin to at least version 1.9.99 to protect their sites against exploitation. The identifier CVE-2023-51409 has been assigned to track the issue.
"Always check every method of $_FILES parameters in the plugin or theme code," reads the Patchstack advisory. "Make sure to apply a check on the filename and extension before uploading the file. Also, pay extra attention to the permission checks on the custom REST API endpoints."