Description
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling get_audio(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to read any file on the web server and exfiltrate it via the plugin’s OpenAI API integration.
Published: 2025-07-24
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Patch
AI Analysis

Impact

The AI Engine plugin for WordPress contains a flaw in the simpleTranscribeAudio endpoint: the plugin does not validate the URL scheme before passing it to get_audio. An authenticated attacker with Subscriber-level permission can supply a URL that points to any file on the web server, causing the plugin to read that file and return its contents through the OpenAI API integration. The vulnerability enables the exfiltration of sensitive server files and is classified as Sensitive Information Exposure (CWE-200).

Affected Systems

All WordPress sites running the AI Engine plugin, version 2.9.4 or earlier, are affected. The plugin is distributed under the name "AI Engine – The Chatbot, AI Framework & MCP for WordPress" and any installation using these versions can be impacted.

Risk and Exploitability

With a CVSS score of 6.5, the technical severity is considered medium. The EPSS score of less than 1% indicates that exploitation attempts are currently unlikely, and the vulnerability is not listed in CISA’s KEV catalog. However, because the attack only requires authenticated access at the subscriber level, organizations that grant such privileges to users or customers are at risk of having server files read through the plugin. Once the issue is addressed, no known exploitation patterns remain beyond the documented path.

Generated by OpenCVE AI on April 21, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the AI Engine plugin to the latest version, where URL scheme validation is implemented.
  • If an immediate update is not possible, disable or block the simpleTranscribeAudio and get_audio endpoints by adjusting server rules or WordPress capability settings so that only administrators can access them.
  • Enhance server-file access controls and apply a web application firewall rule to block requests that attempt to read sensitive files through the plugin's endpoints.
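The Impact section above and the first recommended action both come down to one check: the scheme of a caller-supplied URL must be allowlisted before anything reads from it. The PHP below is an added illustration, not the plugin's code and not OpenCVE's; it places the weak pattern (hand the string straight to a file-reading call) beside a hardened version that accepts only http/https and then fetches through the WordPress HTTP API. The function names and the allowlist are hypothetical; wp_remote_get, wp_remote_retrieve_body, WP_Error and is_wp_error are real WordPress functions.

```php
<?php
// Added example, not part of the AI Engine plugin. Demonstrates allowlisting
// the URL scheme before a remote-audio fetch. Function names are hypothetical.

/**
 * Return the URL unchanged if it is an absolute http(s) URL, otherwise null.
 * Bare filesystem paths have no scheme, file:// URLs have no host, and
 * stream wrappers such as php:// or data: fail the scheme allowlist.
 */
function validate_audio_url( string $url ): ?string {
    $url   = trim( $url );
    $parts = parse_url( $url );
    if ( $parts === false || empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
        return null;
    }
    $allowed = array( 'http', 'https' ); // hypothetical allowlist
    if ( ! in_array( strtolower( $parts['scheme'] ), $allowed, true ) ) {
        return null;
    }
    return $url;
}

// Weak pattern: whatever the caller supplied is opened directly, so a local
// path or a non-HTTP scheme is read from the server's own filesystem.
function get_audio_unvalidated( string $url ) {
    return file_get_contents( $url );
}

// Hardened pattern: validate first, then fetch over HTTP only and never
// through PHP's generic stream layer.
function get_audio_validated( string $url ) {
    $safe = validate_audio_url( $url );
    if ( $safe === null ) {
        return new WP_Error( 'invalid_url', 'Only absolute http(s) URLs are accepted.' );
    }
    $response = wp_remote_get( $safe, array( 'timeout' => 30 ) );
    if ( is_wp_error( $response ) ) {
        return $response;
    }
    return wp_remote_retrieve_body( $response );
}
```

Scheme allowlisting addresses the local file read described on this page; it does not by itself stop the same endpoint from being pointed at internal HTTP services. WordPress ships wp_http_validate_url(), which additionally rejects URLs resolving to private or loopback address ranges, and is a reasonable second check in front of wp_remote_get for a user-supplied URL.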

Advisories

Source: EUVD
ID: EUVD-2025-22507
Title: The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling get_audio(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to read any file on the web server and exfiltrate it via the plugin's OpenAI API integration.
History

Wed, 08 Apr 2026 17:45:00 +0000

Title
  Removed: Ai Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
  Added: AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

Thu, 24 Jul 2025 21:30:00 +0000

First Time appeared
  Added: Wordpress; Wordpress wordpress
Vendors & Products
  Added: Wordpress; Wordpress wordpress

Thu, 24 Jul 2025 14:15:00 +0000

Metrics ssvc
  Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 24 Jul 2025 09:30:00 +0000

Description
  Added: The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling get_audio(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to read any file on the web server and exfiltrate it via the plugin's OpenAI API integration.
Title
  Added: Ai Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
Weaknesses
  Added: CWE-200
References
Metrics cvssV3_1
  Added: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:52:29.155Z

Reserved: 2025-07-17T22:47:26.450Z

Link: CVE-2025-7780

Vulnrichment

Updated: 2025-07-24T13:15:14.321Z

NVD

Status: Deferred

Published: 2025-07-24T10:15:28.603

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-7780

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T04:00:10Z

Weaknesses