{"id":59922,"date":"2025-08-06T15:10:02","date_gmt":"2025-08-06T15:10:02","guid":{"rendered":""},"modified":"2025-11-02T15:08:02","modified_gmt":"2025-11-02T21:08:02","slug":"cve-2025-7847-arbitrary-file-upload-vulnerability-in-ai-engine-plugin-for-wordpress","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-7847-arbitrary-file-upload-vulnerability-in-ai-engine-plugin-for-wordpress\/","title":{"rendered":"CVE-2025-7847: Arbitrary File Upload Vulnerability in AI Engine Plugin for WordPress<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

Vulnerability CVE-2025-7847 is a critical security issue that affects the AI Engine plugin for WordPress, specifically versions 2.9.3 and 2.9.4. This vulnerability allows authenticated attackers with Subscriber-level access and above to upload arbitrary files to a server when the REST API is enabled. This flaw could potentially lead to remote code execution<\/a>, compromising the system and potentially leading to data leakage.
\nThis vulnerability is a severe issue that affects WordPress<\/a> sites using the vulnerable versions of the AI Engine plugin. The potential for remote code execution means this vulnerability<\/a> could be used to take control of a server, making it a high-priority issue for site administrators and cybersecurity professionals.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-7847
\nSeverity: High (8.8)
\nAttack Vector: Network
\nPrivileges Required: Low (User level access<\/a>)
\nUser Interaction: Required
\nImpact: System compromise or data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n