CVE-2024-34440
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files to WordPress sites running the AI Engine: ChatGPT Chatbot plugin. Attackers can exploit this to upload malicious files like web shells, potentially gaining full control of affected websites. All WordPress sites using AI Engine plugin versions up to 2.2.63 are affected.
💻 Affected Systems
- AI Engine: ChatGPT Chatbot WordPress Plugin
📦 What is this software?
AI Engine by Meowapps
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, or use as part of a botnet.
Likely Case
Website defacement, malware distribution, or credential theft through uploaded web shells.
If Mitigated
Limited impact if file uploads are restricted at web server level or WAF blocks malicious uploads.
🎯 Exploit Status
Exploitation is straightforward - attackers can upload malicious files without authentication using crafted HTTP requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.64 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-2-2-63-arbitrary-file-upload-vulnerability
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'AI Engine: ChatGPT Chatbot'.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 2.2.64+ from the WordPress plugin repository.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the AI Engine plugin until patched.
wp plugin deactivate ai-engine
Restrict File Uploads via .htaccess
Block PHP and other executable file uploads at the web server level.
# Deny direct requests for script files (place this .htaccess in the directory where uploads land, e.g. wp-content/uploads/)
<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)$">
  # Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead
  Order Allow,Deny
  Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove the AI Engine plugin completely from your WordPress installation
- Implement web application firewall (WAF) rules to block file uploads to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for AI Engine version. If version is 2.2.63 or lower, you are vulnerable.
Check Version:
wp plugin get ai-engine --field=version
Verify Fix Applied:
After updating, verify plugin version shows 2.2.64 or higher in WordPress admin.
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-content/plugins/ai-engine/ upload endpoints
- File uploads with PHP/executable extensions
- Unusual file creation in upload directories
Network Indicators:
- POST requests with file uploads to AI Engine plugin endpoints
- Traffic patterns showing file uploads followed by execution attempts
SIEM Query:
source="web_server_logs" AND method="POST" AND uri_path="/wp-content/plugins/ai-engine/*" AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp")
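As an added example that is not part of this advisory, the log indicators above written as a small Python checker over Apache/nginx combined-format access log lines. The sample lines, IP addresses, request paths and filenames are constructed for illustration; they are not the plugin's real endpoints.

```python
import re

# Constructed sample access-log lines (combined format); addresses and paths are invented.
SAMPLE_LOG = """\
198.51.100.4 - - [10/May/2024:12:00:01 +0000] "GET /wp-content/plugins/ai-engine/assets/app.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.9 - - [10/May/2024:12:00:05 +0000] "POST /wp-content/plugins/ai-engine/?file=photo.png HTTP/1.1" 200 64 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:09 +0000] "POST /wp-content/plugins/ai-engine/?file=shell.php HTTP/1.1" 200 64 "-" "curl/8.0"
203.0.113.7 - - [10/May/2024:12:00:12 +0000] "GET /wp-content/uploads/2024/05/shell.php HTTP/1.1" 200 33 "-" "curl/8.0"
192.0.2.9 - - [10/May/2024:12:01:00 +0000] "GET /wp-content/uploads/2024/05/photo.png HTTP/1.1" 200 51200 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD URI PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Executable extensions, matching at end of path or before a query/fragment/path-info separator.
EXEC_EXT = re.compile(r'\.(php\d?|phtml|pl|py|jsp|asp|sh|cgi)(?=$|[?&#/])', re.IGNORECASE)
PLUGIN_PREFIX = "/wp-content/plugins/ai-engine/"   # plugin path named in the Log Indicators
UPLOADS_PREFIX = "/wp-content/uploads/"            # where a dropped file would be fetched from


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze(log_text):
    """Flag POSTs to the plugin path carrying an executable extension, and any later
    GET by the same client for an executable file under the uploads directory."""
    uploads, executions, upload_ips = [], [], set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        uri = rec["uri"]
        if rec["method"] == "POST" and uri.startswith(PLUGIN_PREFIX) and EXEC_EXT.search(uri):
            uploads.append(rec)
            upload_ips.add(rec["ip"])
        elif (rec["method"] == "GET" and uri.startswith(UPLOADS_PREFIX)
              and EXEC_EXT.search(uri) and rec["ip"] in upload_ips):
            executions.append(rec)
    return {"uploads": uploads, "executions": executions}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for kind, recs in result.items():
        for r in recs:
            print(f"{kind}: {r['ip']} {r['method']} {r['uri']} -> {r['status']}")
```

Point the script at a real access log by reading the file into `analyze()`; a hit under "executions" (a PHP file served from the uploads directory) is the stronger signal and warrants checking the directory for unexpected files.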