Security researchers at Wordfence have disclosed a high-severity flaw in the AI Engine WordPress plugin that lets subscriber-level users upload arbitrary files when the REST API is enabled. The vulnerability affects more than 100,000 websites and was patched on 17 July 2025.
Key details
- CVSS 3.1 base score: 8.8 (high)
- Affected versions: 2.9.3 and 2.9.4
- Exploit requirements: authenticated subscriber account and an active REST API endpoint
- Root cause: missing file-type validation, enabling remote code execution
- Fix: version 2.9.5 adds proper validation and server-side request forgery checks
- Fifth disclosed AI Engine vulnerability in 2025; four others surfaced in June and July
Why it matters
AI Engine integrates generative text, image creation, and audio transcription into WordPress by exposing multiple REST API endpoints. Each endpoint widens the attack surface, and insufficient validation can allow attackers to seize site control or pivot further into the hosting environment.
Plugin security record
Wordfence cataloged nine AI Engine vulnerabilities in 2024, two scoring above 9.0 CVSS. With five issues already disclosed in 2025, the plugin continues to require close security attention.
Recommended action
- Update to AI Engine 2.9.5 or later via the WordPress dashboard or CLI.
- Restrict subscriber capabilities where feasible.
- Audit custom roles and disable unused REST API endpoints.
- When developing custom code, validate uploads with the wp_check_filetype_and_ext() function.
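As an added illustration of the last two points (not AI Engine's code, nor from the Wordfence advisory), the hardened shape of a REST upload route: a permission_callback that subscribers cannot pass, plus server-side file-type validation before anything touches disk. The route namespace, handler name and allow-list are hypothetical.

```php
<?php
// Added example, not AI Engine's own code. Route, namespace and function
// names are hypothetical. Shows the two controls the advisory says were
// missing: a capability check on the REST route and file-type validation.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-plugin/v1', '/upload', array(
        'methods'             => 'POST',
        'callback'            => 'example_plugin_handle_upload',
        // Subscribers do not hold upload_files, so they get a 403 here.
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
    ) );
} );

function example_plugin_handle_upload( WP_REST_Request $request ) {
    require_once ABSPATH . 'wp-admin/includes/file.php'; // wp_handle_upload()
    $files = $request->get_file_params();
    if ( empty( $files['file'] ) || ! is_uploaded_file( $files['file']['tmp_name'] ) ) {
        return new WP_Error( 'no_file', 'No file uploaded.', array( 'status' => 400 ) );
    }
    $file = $files['file'];

    // Explicit allow-list; the client-supplied MIME type is never trusted.
    $allowed = array(
        'png'      => 'image/png',
        'jpg|jpeg' => 'image/jpeg',
        'wav'      => 'audio/wav',
    );

    // Validates the extension against the allow-list and, when PHP fileinfo
    // is available, the actual content; 'ext'/'type' are false on mismatch.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'bad_type', 'File type not allowed.', array( 'status' => 415 ) );
    }
    if ( ! empty( $check['proper_filename'] ) ) {
        $file['name'] = $check['proper_filename']; // renamed to match content
    }

    // Re-applies the allow-list and moves the file into uploads/ under a
    // sanitized name.
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'], array( 'status' => 500 ) );
    }
    return rest_ensure_response( array( 'url' => $result['url'] ) );
}
```

The permission_callback is the control that matters most here: without it the REST API serves the route to any authenticated user, which is exactly the subscriber-level exposure the advisory describes.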
Sources
- Wordfence threat advisory - 17 July 2025
- AI Engine changelog 2.9.5
- WordPress developer documentation for wp_check_filetype_and_ext()