cleantalk
Vulnerabilities and Security Researches

AI Engine, CVE-2025-7847

CVE, Research URL

CVE-2025-7847

Home page URL

Security reports for AI Engine

Application

AI Engine

Published on
Jul 31, 2025
Research Description
The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server when the REST API is enabled, which may make remote code execution possible.
Affected versions
Min 2.9.3, max 2.9.5.
Status
vulnerable
Previous vulnerability researches
Brizy – Page Builder (CVE-2025-4370) , Jul 29, 2025
Brizy – Page Builder (CVE-2025-32198) , Apr 10, 2025
Brizy – Page Builder (CVE-2024-10960) , Feb 16, 2025
Brizy – Page Builder (CVE-2024-10322) , Feb 16, 2025
Brizy – Page Builder (CVE-2024-6254) , Aug 08, 2024
New vulnerability
Supermalink (CVE-2025-49433) , Aug 02, 2025
BerqWP – Core Web Vitals & Speed Optimization Using Cloud (CVE-2025-7443) , Aug 02, 2025
NinjaScanner – Virus & Malware scan (CVE-2025-8213) , Aug 02, 2025
Blockspare – Expert Starter Templates Library and Gutenberg Blocks for Stunning Blogs, News, Magazines, and Agency Sites. (CVE-2025-4684) , Aug 02, 2025
Blogger Buzz (CVE-2025-54680) , Aug 02, 2025