CVE-2025-7847

8.8 HIGH

📋 TL;DR

The AI Engine WordPress plugin versions 2.9.3 and 2.9.4 contain an arbitrary file upload vulnerability in the REST API endpoint. This allows authenticated attackers with Subscriber-level access or higher to upload malicious files to the server, potentially leading to remote code execution. The vulnerability requires the WordPress REST API to be enabled.

💻 Affected Systems

Products:
  • AI Engine WordPress Plugin
Versions: 2.9.3 and 2.9.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress REST API to be enabled (enabled by default in most WordPress installations).

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete server compromise, data theft, malware deployment, or website defacement.

🟠 Likely Case

Unauthorized file upload leading to webshell installation, privilege escalation, or backdoor persistence.

🟢 If Mitigated

Limited impact with proper file upload restrictions, web application firewalls, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access (Subscriber role or higher). The vulnerability is straightforward to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.5

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3332539/ai-engine/trunk/classes/api.php

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins > Installed Plugins.
  3. Find the AI Engine plugin.
  4. Click 'Update Now' if an update is available.
  5. Alternatively, download version 2.9.5+ from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable REST API endpoint (platform: all)

Remove or restrict access to the vulnerable REST API endpoint.

Add to the WordPress theme functions.php or a custom plugin:

// Drop the AI Engine upload route from the registered REST endpoints
// until the plugin has been updated to 2.9.5 or later.
add_filter('rest_endpoints', function ($endpoints) {
    if (isset($endpoints['/ai/v1/simple-file-upload'])) {
        unset($endpoints['/ai/v1/simple-file-upload']);
    }
    return $endpoints;
});

Disable AI Engine plugin (platform: linux)

Temporarily disable the plugin until patched.

wp plugin deactivate ai-engine

🧯 If You Can't Patch

  • Implement strict file upload validation at web server level (e.g., .htaccess restrictions on executable file uploads).
  • Deploy web application firewall (WAF) rules to block malicious file upload patterns.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > AI Engine. If version is 2.9.3 or 2.9.4, you are vulnerable.

Check Version:

wp plugin get ai-engine --field=version

Verify Fix Applied:

After update, verify AI Engine plugin version is 2.9.5 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-json/ai/v1/simple-file-upload endpoint
  • Uploads of executable files (.php, .phtml, .exe) by non-admin users
  • Increased POST requests to REST API endpoints

Network Indicators:

  • POST requests to /wp-json/ai/v1/simple-file-upload with file uploads
  • Unusual outbound connections from web server after file uploads

SIEM Query:

source="web_server_logs" AND (uri_path="/wp-json/ai/v1/simple-file-upload" OR file_extension IN ("php", "phtml", "exe")) AND user_role="subscriber"
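An added example (not code from the advisory or the plugin) that applies the log indicators above to web-server access logs: it counts successful POST requests to the upload endpoint per client IP, tolerating the path variants WordPress accepts (query string, trailing slash, percent-encoding, the ?rest_route= form), and flags upload filenames that carry an executable extension anywhere in their extension chain. The log lines, IP addresses and filenames are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [21/Jul/2025:10:01:02 +0000] "POST /wp-json/ai/v1/simple-file-upload HTTP/1.1" 200 152 "-" "python-requests/2.32"
203.0.113.10 - - [21/Jul/2025:10:01:05 +0000] "POST /wp-json/ai/v1/simple-file-upload?x=1 HTTP/1.1" 200 150 "-" "python-requests/2.32"
198.51.100.7 - - [21/Jul/2025:10:02:00 +0000] "GET /wp-json/ai/v1/simple-file-upload HTTP/1.1" 404 48 "-" "Mozilla/5.0"
192.0.2.44 - - [21/Jul/2025:10:03:11 +0000] "POST /wp-json/ai/v1/simple-file-upload/ HTTP/1.1" 200 151 "-" "curl/8.5"
192.0.2.44 - - [21/Jul/2025:10:03:12 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 201 900 "-" "curl/8.5"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
UPLOAD_PATH = "/ai/v1/simple-file-upload"   # REST route named in this advisory
EXEC_EXTS = {"php", "phtml", "exe"}          # executable extensions listed in the advisory

def is_upload_hit(method: str, target: str, status: str) -> bool:
    """True for a successful POST to the upload route, whether it arrives as
    /wp-json/ai/v1/simple-file-upload (with any query string, trailing slash
    or percent-encoding) or as the /?rest_route=/ai/v1/... form."""
    parts = urlsplit(unquote(target))
    if not parts.path.rstrip("/").endswith(UPLOAD_PATH):
        m = re.search(r"rest_route=([^&]+)", parts.query)
        if not (m and m.group(1).rstrip("/").endswith(UPLOAD_PATH)):
            return False
    return method == "POST" and status.startswith("2")

def upload_hits_by_ip(log_text: str) -> Counter:
    """Count successful uploads through the route, keyed by client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_upload_hit(m["method"], m["target"], m["status"]):
            hits[m["ip"]] += 1
    return hits

def suspicious_uploads(filenames) -> list:
    """Return names whose extension chain contains an executable extension:
    'shell.php' and 'img.PHP.jpg' are reported, 'photo.jpg' is not."""
    return [f for f in filenames
            if EXEC_EXTS & {p.lower() for p in f.rsplit("/", 1)[-1].split(".")[1:]}]

if __name__ == "__main__":
    print(upload_hits_by_ip(SAMPLE_LOG))
    print(suspicious_uploads(["2025/07/photo.jpg", "2025/07/shell.php", "2025/07/img.PHP.jpg"]))
```

Point suspicious_uploads at a listing of wp-content/uploads taken after the POSTs; the per-IP counts alone only say that the route was used, not by which role, so correlate with the WordPress user session in application logs before treating a hit as an incident.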
