CVE-2025-12844
📋 TL;DR
The AI Engine WordPress plugin is vulnerable to PHP Object Injection via PHAR deserialization in functions handling audio transcription and vision queries. This allows authenticated attackers with Subscriber-level access or higher to inject PHP objects, but exploitation requires a separate plugin or theme with a POP chain to achieve impact. Sites running AI Engine version 3.1.8 or earlier are affected.
💻 Affected Systems
- AI Engine WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
If combined with a POP chain from another plugin/theme, attackers could delete arbitrary files, retrieve sensitive data, or execute arbitrary code leading to complete site compromise.
Likely Case
Limited impact since no POP chain exists in the vulnerable software itself; exploitation requires specific additional vulnerable components to be present on the target system.
If Mitigated
With proper access controls and no vulnerable POP chains present, the vulnerability has minimal impact as object injection alone cannot achieve code execution.
🎯 Exploit Status
Exploitation requires authenticated access and depends on finding/creating a suitable POP chain from other installed components.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.1.9 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3392052/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find AI Engine plugin. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 3.1.9+ from WordPress plugin repository and manually update.
🔧 Temporary Workarounds
Disable vulnerable REST endpoints
allRemove or restrict access to the 'rest_simpleTranscribeAudio' and 'rest_simpleVisionQuery' functions
Add to theme's functions.php or custom plugin: remove_action('rest_api_init', 'ai_engine_register_rest_routes');
Restrict user roles
allLimit Subscriber and higher role access to minimize attack surface
Use WordPress role management plugins to restrict capabilities
🧯 If You Can't Patch
- Disable the AI Engine plugin completely until patched
- Implement web application firewall rules to block requests to vulnerable REST endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → AI Engine version. If version is 3.1.8 or earlier, you are vulnerable.Check Version:
wp plugin get ai-engine --field=version (if WP-CLI installed)Verify Fix Applied:
After updating, verify AI Engine plugin version is 3.1.9 or later in WordPress plugins page.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-json/ai-engine/v1/ endpoints
- Multiple failed authentication attempts followed by successful Subscriber login
Network Indicators:
- HTTP requests containing serialized PHP data or PHAR wrappers in payloads
SIEM Query:
source="wordpress.log" AND ("rest_simpleTranscribeAudio" OR "rest_simpleVisionQuery") AND status=200🔗 References
- https://github.com/jordymeow/ai-engine/blob/main/classes/api.php#L799
- https://github.com/jordymeow/ai-engine/blob/main/classes/engines/chatml.php#L960-L967
- https://github.com/jordymeow/ai-engine/blob/main/classes/modules/files.php#L237
- https://github.com/jordymeow/ai-engine/blob/main/classes/services/image.php#L43
- https://plugins.trac.wordpress.org/changeset/3392052/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c39c1b72-e3e0-44fb-8fb8-602cb0aa61e3?source=cve
