CVE-2023-51409

10.0 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the vulnerable AI Engine plugin. Attackers can achieve remote code execution by uploading malicious files like PHP shells. All WordPress sites using AI Engine plugin versions up to 1.9.98 are affected.

💻 Affected Systems

Products:
  • WordPress AI Engine: ChatGPT Chatbot plugin
Versions: All versions up to and including 1.9.98
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with the vulnerable plugin enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise leading to data theft, ransomware deployment, or use as part of a botnet.

🟠 Likely Case: Website defacement, malware distribution, credential theft, and backdoor installation.

🟢 If Mitigated: Limited impact if file uploads are restricted at web server level or WAF blocks malicious uploads.

🌐 Internet-Facing: HIGH - Exploitable without authentication from anywhere on the internet.
🏢 Internal Only: LOW - Primarily affects internet-facing WordPress installations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available with 0-click RCE capability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.99 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-1-9-98-unauthenticated-arbitrary-file-upload-vulnerability

Restart Required: No

Instructions:

1. Log into WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'AI Engine: ChatGPT Chatbot'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.9.99+ from WordPress repository and manually update.

🔧 Temporary Workarounds

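Disable plugin
Platform: all

Temporarily disable the vulnerable plugin until it is patched.

wp plugin deactivate ai-engine

Restrict file uploads via .htaccess
Platform: linux

Deny web access to PHP files in the WordPress uploads directory so that an uploaded script cannot be executed. This does not stop the upload itself. Place the rule in wp-content/uploads/.htaccess.

# Apache 2.4+ syntax; on Apache 2.2 use "Order Allow,Deny" and "Deny from all" instead
<FilesMatch "\.(php|php5|php7|phtml|phar)$">
  Require all denied
</FilesMatch>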

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block file uploads to vulnerable endpoints
  • Restrict access to /wp-content/uploads/ directory and monitor for suspicious file uploads

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins and check the AI Engine version. If the version is 1.9.98 or lower, the site is vulnerable.

Check Version:

wp plugin get ai-engine --field=version

Verify Fix Applied:

Confirm plugin version is 1.9.99 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/uploads/
  • POST requests to AI Engine endpoints with file parameters
  • Execution of unexpected PHP files in uploads directory

Network Indicators:

  • HTTP POST requests with file uploads to AI Engine plugin endpoints
  • Unexpected outbound connections from WordPress server

SIEM Query:

source="web_server" AND (uri_path="/wp-json/ai-engine/" OR uri_path="/wp-admin/admin-ajax.php") AND method="POST" AND (file_upload="true" OR content_type="multipart/form-data")
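
The log indicators above, applied to a web server access log, as an added example that is not part of the original page or of any vendor tooling. It assumes combined-format access logs, treats the /wp-json/ai-engine/ path from the SIEM query as a prefix, and leaves out admin-ajax.php because access logs do not record the content type; the sample lines, the route name and the file names are constructed.

```python
import re
from urllib.parse import unquote

# Assumed input: Apache/nginx "combined" access log lines.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Endpoint prefix taken from the page's SIEM query, matched as a prefix here.
PLUGIN_PREFIX = "/wp-json/ai-engine/"
# Same extensions as the page's .htaccess rule; "(/|$)" also catches PATH_INFO.
SCRIPT_IN_UPLOADS = re.compile(
    r"^/wp-content/uploads/.*\.(php|php5|php7|phtml|phar)(/|$)", re.I)

def scan(lines):
    """Return (kind, ip, time, path, status) tuples for the log indicators."""
    findings, posters = [], set()   # posters: clients that POSTed to the plugin
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # not in the assumed format
        ip, ts, method, target, status = m.groups()
        path = unquote(target.split("?", 1)[0])   # drop query, decode %xx
        if method == "POST" and path.startswith(PLUGIN_PREFIX):
            posters.add(ip)
            findings.append(("plugin_post", ip, ts, path, status))
        elif SCRIPT_IN_UPLOADS.match(path):
            # Highest priority when the same client POSTed to the plugin earlier.
            kind = "upload_then_exec" if ip in posters else "script_in_uploads"
            findings.append((kind, ip, ts, path, status))
    return findings

# Constructed sample lines: documentation IPs, placeholder route and file names.
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "POST /wp-json/ai-engine/EXAMPLE-ROUTE HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [10/Jan/2024:10:00:05 +0000] "GET /wp-content/uploads/2024/01/sample.php?x=1 HTTP/1.1" 200 40 "-" "-"',
    '203.0.113.9 - - [10/Jan/2024:10:02:00 +0000] "GET /wp-content/uploads/2024/01/photo.jpg HTTP/1.1" 200 9000 "-" "-"',
    '203.0.113.9 - - [10/Jan/2024:10:03:00 +0000] "GET /wp-content/uploads/old.PHTML HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

A 200 response for a script under uploads/ should be triaged first; a 403 shows the web server rule denying access to the file.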
