WordPress Plugin Vulnerabilities

AI Engine < 3.3.3 - Editor+ Arbitrary File Upload

Description

The plugin is vulnerable to arbitrary file uploads due to missing file type validation. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
ai-engine
Fixed in 3.3.3

References

CVE
CVE-2026-23802
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/615beb4d-c2df-4e1a-8e6b-a393c0fe4834

Miscellaneous

Original Researcher
0xd4rk5id3
Verified
No
WPVDB ID
1876f523-7147-4c7f-aec3-fccf4ac3c97d

Timeline

Publicly Published
2026-02-25 (about 2 months ago)
Added
2026-03-05 (about 2 months ago)
Last Updated
2026-03-05 (about 2 months ago)

Other

Published
Title
Published
2014-08-01
Title
Agritourismo - Remote File Upload
Published
2023-10-09
Title
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
Published
2023-11-30
Title
Contact Form 7 < 5.8.4 - Authenticated (Editor+) Arbitrary File Upload
Published
2025-12-04
Title
PostGallery <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2012-07-07
Title
Front End Editor < 2.3 - Arbitrary File Upload