AI Engine < 2.9.5 – Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions | CVE 2025-7780 | Plugin Vulnerabilities

Description

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling get_audio(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to read any file on the web server and exfiltrate it via the plugin’s OpenAI API integration.

Affects Plugins

Fixed in 2.9.5

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/513274bc-3016-4adb-be78-b13c5fae9c03

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

ISMAILSHADOW

Verified

No

WPVDB ID

81a3a545-a5d0-4675-a280-a58011261e26

Timeline

Publicly Published

2025-07-23 (about 9 months ago)

Added

2025-07-23 (about 9 months ago)

Last Updated

2025-08-20 (about 8 months ago)

Other

Published

Title

Published

2024-08-16

Title

Flash & HTML5 Video < 2.5.32 - Authenticated (Subscriber+) Information Exposure

Published

2025-11-12

Title

Passster < 4.2.20 - Unauthenticated Information Exposure

Published

2025-03-13

Title

Civi <= 2.1.4 - Sensitive Information Exposure

Published

2023-10-18

Title

Popup by Supsystic < 1.10.20 - Missing Authorization to Sensitive Information Exposure

Published

2026-03-13

Title

Doofinder for WooCommerce < 2.10.14 - Unauthenticated Information Exposure