A security flaw affecting over 100,000 WordPress websites has been discovered in the AI Engine plugin, specifically impacting versions 2.9.3 and 2.9.4. The vulnerability, classified as an arbitrary file upload vulnerability, allows authenticated users, starting from subscriber-level access, to upload malicious files and potentially gain remote code execution (RCE) privileges on the server. This type of vulnerability could result in full site compromise.
First seen on thecyberexpress.com
Jump to article: thecyberexpress.com/ai-engine-plugin-vulnerability/
