CVE-2025-7847 – WordPress AI Engine Plugin Arbitrary File Upload Vulnerability

July 31, 2025

CVE ID : CVE-2025-7847

Published : July 31, 2025, 5:15 a.m. | 18 hours, 9 minutes ago

Description : The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server when the REST API is enabled, which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53558 – ZTE Japan K.K. ZXHN-F660T/F660A Default Credential Vulnerability

Next Article The hidden crisis behind AI’s promise: Why data quality became an afterthought

Highlights

CVE-2025-34024 – Edimax EW-7438RPn Command Injection Vulnerability

June 20, 2025

CVE ID : CVE-2025-34024

Published : June 20, 2025, 7:15 p.m. | 3 hours, 14 minutes ago

Description : An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-7847 – WordPress AI Engine Plugin Arbitrary File Upload Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

CVE-2023-53122 – RISC-V SiFive Errata Patching Mutex Vulnerability

DistroWatch Weekly, Issue 1117

CVE-2025-33117 – IBM QRadar SIEM Command Injection Vulnerability

Vxceed secures transport operations with Amazon Bedrock

CVE-2025-34024 – Edimax EW-7438RPn Command Injection Vulnerability

Vulnerabilities in Netis Systems WF2220 software

CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution

Learn REST API Principles by Building an Express App

CVE-2025-7847 – WordPress AI Engine Plugin Arbitrary File Upload Vulnerability

Related Posts