An important vulnerability has been identified in the AI Engine plugin for WordPress, specifically affecting its free version, which has over 50,000 active installations.
The plugin is well known for its numerous AI-related features, allowing users to create chatbots, manage content and use various AI tools such as translation, SEO and more.
According to an advisory published today by Patchstack, the security flaw in question is an unauthenticated arbitrary file upload vulnerability in the plugin's rest_upload function within the files.php module.
The vulnerability allows any unauthenticated user to upload arbitrary files, including potentially malicious PHP files, which could lead to remote code execution on the affected system.
Notably, the permission_callback parameter of the relevant REST API endpoint is set to __return_true, allowing any unauthenticated user to trigger the vulnerable function. The lack of proper file type and extension validation in the code allows the upload of arbitrary files, posing a significant security risk.
To mitigate this vulnerability, the plugin's development team released a patch in version 1.9.99. The patch implements a permission check on the custom REST API endpoint and incorporates file type and extension checks using the wp_check_filetype_and_ext function.
In light of these findings, users are strongly advised to update their AI Engine plugin to at least version 1.9.99 to ensure their systems are protected against potential exploitation. The identifier CVE-2023-51409 has been assigned to track the issue.
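The two weaknesses the advisory describes (a REST endpoint whose permission_callback is __return_true, and an upload handler that never validates the file type or extension) and the two fixes the patch applies (a permission check and wp_check_filetype_and_ext) are easiest to see side by side. The following is an added illustration written for this article, not code from the AI Engine plugin or from Patchstack; the "demo-uploader" namespace, route names and function names are invented for the example, while register_rest_route, current_user_can, wp_check_filetype_and_ext and wp_handle_upload are standard WordPress APIs.

```php
<?php
/**
 * Illustrative example only: a hypothetical "demo-uploader" plugin, not the
 * AI Engine plugin's own code. It contrasts the weak pattern described in
 * the advisory (public endpoint, no file validation) with a hardened pattern
 * (capability check plus wp_check_filetype_and_ext()).
 */

// --- Weak pattern: the shape of the flaw, do not use ---
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo-uploader/v1', '/upload-weak', array(
        'methods'             => 'POST',
        'callback'            => 'demo_uploader_weak_upload',
        // __return_true makes the route reachable without any authentication.
        'permission_callback' => '__return_true',
    ) );
} );

function demo_uploader_weak_upload( WP_REST_Request $request ) {
    $files = $request->get_file_params();
    if ( empty( $files['file'] ) ) {
        return new WP_Error( 'no_file', 'No file supplied.', array( 'status' => 400 ) );
    }
    // The client-supplied name is trusted as-is: nothing checks the extension
    // or the real content type, so any file type lands in the uploads folder.
    $upload_dir = wp_upload_dir();
    $target     = $upload_dir['path'] . '/' . basename( $files['file']['name'] );
    move_uploaded_file( $files['file']['tmp_name'], $target );
    return rest_ensure_response( array( 'path' => $target ) );
}

// --- Hardened pattern: capability check and server-side type validation ---
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo-uploader/v1', '/upload', array(
        'methods'             => 'POST',
        'callback'            => 'demo_uploader_secure_upload',
        // Only authenticated users who hold the upload_files capability
        // (by default Authors and above) reach the callback at all.
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
    ) );
} );

function demo_uploader_secure_upload( WP_REST_Request $request ) {
    $files = $request->get_file_params();
    if ( empty( $files['file'] ) || ! is_uploaded_file( $files['file']['tmp_name'] ) ) {
        return new WP_Error( 'no_file', 'No file supplied.', array( 'status' => 400 ) );
    }
    $file     = $files['file'];
    $filename = sanitize_file_name( $file['name'] );

    // wp_check_filetype_and_ext() compares the claimed extension with the
    // file's real content and only accepts types in the site's allowed MIME
    // list; both 'ext' and 'type' come back empty for anything else (.php included).
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $filename );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'bad_type', 'File type is not permitted.', array( 'status' => 415 ) );
    }
    // If WordPress decided the extension must be corrected to match the
    // content (e.g. an image with the wrong suffix), use its proposed name.
    $file['name'] = ! empty( $check['proper_filename'] ) ? $check['proper_filename'] : $filename;

    // wp_handle_upload() re-validates the type, chooses a unique filename and
    // moves the file into the uploads directory. It lives in an admin include,
    // so load it explicitly for REST requests; 'test_form' is false because no
    // admin form field accompanies a REST upload.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $file, array( 'test_form' => false ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'], array( 'status' => 400 ) );
    }
    return rest_ensure_response( array( 'url' => $result['url'], 'type' => $result['type'] ) );
}
```

When reviewing a plugin for this class of issue, the two lines to look for are the permission_callback value on every register_rest_route call (anything that resolves to true for an anonymous visitor is a finding unless the route is meant to be public and handles no sensitive action) and whether the upload path reaches wp_check_filetype_and_ext or wp_handle_upload before anything is written to disk.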
"Always check every method of $_FILES parameters in the plugin or theme code," reads the Patchstack advisory. "Make sure to apply a check on the filename and extension before uploading the file. Also, pay extra attention to the permission checks on the custom REST API endpoints."