On 18 July 2025, researchers at Wordfence disclosed CVE‑2025‑7847, a high-severity (CVSS 8.8) arbitrary file upload vulnerability in the widely used AI Engine WordPress plugin, affecting versions 2.9.3 and 2.9.4-active on over 100,000 installations. Authenticated users with as little as subscriber-level access could exploit the exposed REST API to upload malicious files, potentially triggering remote code execution. This poses an urgent threat to site integrity globally.
What’s Happened & Timeline of Discovery
| Date | Milestone |
|---|---|
| 18 July 2025 | Wordfence received report and validated PoC within hours. |
| 21 July 2025 | Wordfence Premium, Care & Response users received virtual firewall rules. |
| 22 July 2025 | Plugin developer released AI Engine version 2.9.5 patching the issue. |
| 20 August 2025 | Free Wordfence users slated to receive the protections. |
Technical Roots of the Vulnerability
The flaw lies in the function rest_simpleFileUpload()-used when Public API is enabled-which lacks file type validation, allowing authenticated attackers to upload arbitrary files, including .php shells, via the REST endpoint. Uploads are saved to the publicly accessible wp-content/uploads/. Wordfence rated the flaw CVSS 8.8, underscoring serious risk.
Impact & Risk Velocity
- User base affected: Over 100,000 WordPress websites running AI Engine versions 2.9.3 or 2.9.4 with Public API enabled.
- Exploitability: Requires only subscriber-level access, which is broadly available on most WordPress sites.
- Potential outcome: Full site takeover via remote code execution; attackers could plant web shells, backdoors, or malicious plug-ins.
- Additional context: This vulnerability is the fifth high or critical-rated issue in AI Engine discovered in 2025 alone.
Expert Perspectives
“This makes it possible for authenticated attackers, with Subscriber-level access… to upload arbitrary files… which may make remote code execution possible.”
— Wordfence advisory, 18 July 2025
“The AI Engine plugin flaw lets even low-level user accounts escalate to full admin control if misconfigured.”
— Security summarization by SecurityOnline.info
Patch & Mitigation Measures
- Immediate action: Update AI Engine plugin to version 2.9.5 or newer to close the exploit path.
- Firewall protection: Wordfence Premium, Care, and Response users received protective firewall rules on 21 July 2025; free users on 20 August 2025.
- Patch details: The update adds
wp_check_filetype()file validation to therest_simpleFileUpload()function and hardens permissions logic. (Wordfence, 18 July 2025)
4. 10 Practical Security Recommendations
- Update now: Ensure all WordPress sites using AI Engine are running v2.9.5 or later.
- Disable Public API if unused to eliminate the vulnerable endpoint.
- Restrict subscriber-level uploads: only grant REST API file upload capabilities to trusted roles.
- Enable WAF rules: apply Wordfence or other web application firewall protections immediately.
- Audit upload directories for recent
.phpfiles that could indicate compromise. - Review user roles and permissions, minimizing subscriber-level access where possible.
- Monitor logs (access, error, REST API activity) for unusual file upload activity.
- Segregate admin modules such as Dev Tools and MCP on production sites.
- Educate content teams about risks of enabling advanced plugin features.
- Subscribe to WordPress security [news, updates, alerts, best practices, trends] to stay proactive: see cybercory.com and for hands-on services check saintynet.com.
5. Conclusion
CVE‑2025‑7847 in AI Engine is a sharp reminder: even authenticated file uploads can lead to full WordPress site takeover if input validation is neglected. With over 100,000 websites affected, swift patching, configuration review, and layered defenses are essential. Administrators must act immediately to mitigate risk and avoid compromise. Vigilance and defense‑in‑depth remain the cornerstone of WordPress security.
Sources
- Wordfence blog post: 100,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Engine WordPress Plugin – 18 July 2025
- Feedly CVE summary: CVE‑2025‑7847 – 30 July 2025
- SearchEngineJournal article: AI Engine Plugin Vulnerability Affects Up To 100,000 Websites – 30 July 2025
- Heise Online coverage of AI Engine exploit risk – 19 June 2025