A security flaw affecting over 100,000 WordPress websites has been discovered in the AI Engine plugin, specifically impacting versions 2.9.3 and 2.9.4. The vulnerability, classified as an arbitrary file upload vulnerability, allows authenticated users, starting from subscriber-level access, to upload malicious files and potentially gain remote code execution (RCE) privileges on the server. This type of vulnerability could result in full site compromise.
The issue, tracked under CVE-2025-7847, was responsibly reported to Wordfence on July 18, 2025, by a researcher known as ISMAILSHADOW through the Wordfence Bug Bounty Program. The vulnerability was introduced just one day earlier, on July 17. For their timely discovery, the researcher was awarded a bounty of $1,170.
Technical Analysis of the AI Engine Vulnerability
The vulnerability resides in the rest_simpleFileUpload() function of the plugin, which failed to enforce proper file type validation. In affected versions, when the “Public API” option is enabled, which is disabled by default, any authenticated user could interact with the plugin’s REST API endpoint /mwai/v1/simpleFileUpload. Without any configured Bearer Token authentication, this endpoint accepts arbitrary files, including PHP scripts, allowing attackers to place malicious code in the site’s public uploads directory.
The issue lies in the upload_file() function in the Meow_MWAI_Modules_Files class. This function used PHP’s native copy() function to store uploaded files without verifying the file’s MIME type or extension. As a result, attackers could bypass file restrictions and execute PHP scripts uploaded to the server. These scripts could be accessed via a browser, leading to remote code execution, one of the most dangerous outcomes of an arbitrary file upload vulnerability.
Exploitation Conditions
It’s important to notice that this flaw does not impact all AI Engine users. Exploitation requires that:
- The “Public API” option in the plugin settings is enabled.
- No Bearer Token or custom authentication method has been configured.
- The user is authenticated (even a subscriber role is sufficient).
When these conditions are met, the plugin’s REST endpoint becomes vulnerable, giving low-level users a pathway to execute malicious server-side code.
Patch and Remediation
On July 22, 2025, the plugin developer, Jordy Meow, responded quickly and released version 2.9.5, which includes a fix. The patch introduces proper validation using WordPress’s built-in wp_check_filetype() function in both the simpleFileUpload() and upload_file() methods. This ensures only permitted file types are accepted, effectively mitigating the vulnerability.
Security Measures and Timelines
- July 18, 2025: Vulnerability submitted to Wordfence.
- July 18, 2025: Validated and disclosed to the developer via the Wordfence Vulnerability Management Portal.
- July 21, 2025: A firewall rule was deployed to Wordfence Premium, Care, and Response users.
- July 22, 2025: Patched version 2.9.5 of AI Engine released.
- August 20, 2025: Protection will be available to Wordfence Free users.
Wordfence’s rapid response helped narrow the opportunity for exploitation. Still, due to the seriousness of the CVE-2025-7847 vulnerability, all users of the AI Engine plugin are urged to update to version 2.9.5 or later immediately, particularly if their site has the Public API feature enabled.
Conclusion
The CVE-2025-7847 vulnerability in the AI Engine plugin stresses the importance of proper input validation and access control, especially for plugins with public API features. Even minor oversights can lead to serious security risks like remote code execution. With AI Engine’s widespread use, ensuring REST API endpoints are secured with authentication is essential.
