CVE-2025-7847 – WordPress AI Engine Plugin Arbitrary File Upload Vulnerability

July 31, 2025

CVE ID : CVE-2025-7847

Published : July 31, 2025, 5:15 a.m. | 18 hours, 9 minutes ago

Description : The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server when the REST API is enabled, which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53558 – ZTE Japan K.K. ZXHN-F660T/F660A Default Credential Vulnerability

Next Article The hidden crisis behind AI’s promise: Why data quality became an afterthought

Highlights

CVE-2025-7789 – Xuxueli xxl-job Password Hashing Weakness

July 18, 2025

CVE ID : CVE-2025-7789

Published : July 18, 2025, 4:15 p.m. | 1 hour, 3 minutes ago

Description : A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-7847 – WordPress AI Engine Plugin Arbitrary File Upload Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Ubuntu 25.10 Snapshot 2 is Now Available to Download

Rilasciato PeaZip 10.6: Il Gestore di Archivi Open Source per Tutti i Sistemi Operativi

CVE-2025-5159 – H3C SecCenter SMP-E1114P02 Remote Path Traversal Vulnerability

I finally found a power bank with a wireless charging pad, and it’s sustainably-made

CVE-2025-7789 – Xuxueli xxl-job Password Hashing Weakness

ChatGPT will remember everything you tell it now – like a real personal assistant

NVIDIA AI Introduces Fast-dLLM: A Training-Free Framework That Brings KV Caching and Parallel Decoding to Diffusion LLMs

Launch an AI-Powered MVP in Just 5 Weeks | Quick Guide

CVE-2025-7847 – WordPress AI Engine Plugin Arbitrary File Upload Vulnerability

Related Posts