A critical security flaw has been found in the popular AI Engine plugin for WordPress β currently active on more than 100,000 websites.
This marks the fifth vulnerability reported in the plugin this year, and the fourth one just in July.
What makes this worse?
Even low-level users with subscriber access can upload malicious files directly to the server.
If youβre using this plugin to power AI features on your WordPress site, this oneβs too close for comfort.
But it doesnβt stop there.
A separate vulnerability has now been flagged in Customer Reviews for WooCommerce, another widely used plugin running on over 80,000 eCommerce sites. This one leaves them open to stored cross-site scripting (XSS) attacks.
And if youβre thinking, βI donβt use WordPress, so Iβm goodββthink again.
Wix just faced a major authentication flaw through its Base44 platform, exposing serious risks even in enterprise-grade apps.
AI Engine Plugin Vulnerability Exposes 100,000+ WordPress Sites
In whatβs become an unsettlingly frequent occurrence, the AI Engine WordPress plugin installed on over 100,000 sites was found to harbor its fifth major vulnerability this year, and the fourth one just this July.
This time, the flaw allows subscriber-level users, usually the lowest tier of access on a site to upload arbitrary files via the REST API, a vector that could potentially lead to remote code execution.
How bad is it?
CVSS Score: 8.8/10 β high severity.
The underlying issue?Β
Missing file type validation in versions 2.9.3 and 2.9.4 of the plugin. When WordPress allows file uploads, it usually validates the type of the file against its content and extension.
But here, that step was skipped, making it dangerously easy for attackers to upload PHP files disguised as legitimate content.
Imagine that a seemingly harmless subscriber uploads a corrupted audio file or image. In the backend, it is not just a file but a backdoor script.
Here is what Wordfence said in its advisory:
βThis makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected siteβs server when the REST API is enabled, which may make remote code execution possible.β
This is not just theoretical.
The plugin had nine vulnerabilities discovered in 2024 which includes one rated 9.8, which allowed unauthenticated file uploads and another rated 9.1.
This new flaw adds to a growing list that is beginning to concern developers and security experts alike.
The pluginβs developer acted swiftly by releasing version 2.9.5, where changes include:
- Fixing a server-side request forgery (SSRF) issue in audio transcription.
- Sanitizing REST API parameters to prevent API key misuse.
- Adding strict file type validation to eliminate arbitrary file uploads.
WooCommerce Plugin Flaw Affects 80,000 Sites β Unauthenticated Stored XSS
And just as WordPress developers were patching AI Engine, another alert came in this time from the Customer Reviews for WooCommerce plugin, active on more than 80,000 websites.
This vulnerability is classified as Stored Cross-Site Scripting (XSS). It allows attackers to insert malicious scripts into pages, which then execute every time a user (admin, buyer or site visitor) opens that page.
And here is the important thing to understand: that no authentication is required. Literally anyone with access to the pluginβs frontend could exploit it.
The flaw lies in the βauthorβ parameter of the pluginβs review submission form, which failed to properly sanitize input and escape output basic but critical security steps.
From the Wordfence team:
βThe plugin is vulnerable to Stored Cross-Site Scripting via the βauthorβ parameter in all versions up to, and including, 5.80.2.
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.β
Again, this is the kind of vulnerability that leads to site defacement, data theft or malicious redirects. A single review form field becomes a gateway for attackers to embed JavaScript that logs keystrokes or redirects users to phishing sites.
Wixβs Base44 Platform Exposes Enterprise-Level Vulnerability
Now, letβs take this beyond WordPress. The folks at Wiz Security recently discovered a critical flaw in Wixβs Base44 vibe coding platform, which had the potential to bypass authentication systems across enterprise-grade apps.
Let that sink in.
Wix, known for its secure and scalable web development offerings, found itself in hot water when application IDs (app_id) supposed to be secret were exposed in public-facing URLs and manifest files.
This exposure allowed attackers to:
- Identify a valid app_id from a public link.
- Use tools like Swagger-UI to simulate user registration even on apps with registration disabled.
- Receive an OTP via email.
- Log in and gain full access via the appβs SSO flow.
The applications affected were not toy apps either.
Many were used for internal operations like HR management, knowledge bases or employee chat systems systems that handle personally identifiable information (PII) daily.
Wiz put it bluntly:
βWhat made this vulnerability particularly concerning was its simplicity which required only basic API knowledge to exploit.β
The implication? Systemic ecosystem-level risks from platforms moving too fast and skipping deep security validation.
Wix did respond quickly, patching the issue within 24 hours. But the discovery raises an important question:
If the manifest.json file publicly revealed the app_id, and it was that easy to spot with basic reconnaissance techniques, why hadnβt it been caught in earlier security audits?
Wiz didnβt hold back:
βThis low barrier to entry meant attackers could systematically compromise multiple applications across the platform with minimal technical sophistication.β
What is The Real Threat Here?
We are seeing a pattern and one that does not end at WordPress or Wix. It is part of a broader issue.
- AI integrations are expanding rapidly.
- Low-code/no-code platforms are empowering users but sometimes at the expense of cybersecurity.
- Security measures like file validation, sanitization and hidden keys are being skipped or overlooked.
When subscriber-level access or even no access, is enough to exploit a vulnerability, the traditional security models begin to falter.
Takeaways for Developers, Site Owners and Enterprises
- Update Immediately: If you are using AI Engine, upgrade to version 2.9.5. If you’re on WooCommerce Reviews, upgrade past 5.80.2.
- Audit Regularly: Donβt wait for public disclosures. Conduct security audits even for plugins and apps you trust.
- Avoid Complacency with Access Controls: Donβt assume subscriber-level users pose no threat.
- Inspect Public URLs: If sensitive identifiers are visible, that is a red flag.
- Push Vendors for Transparency: Whether itβs WordPress, Wix or another platform, demand faster disclosure cycles and robust changelogs.
Systemic Vulnerabilities Are No Longer Rare
If 2024 showed signs of rising plugin-related security threats, 2025 is confirming the trend.
AI-based plugins, review systems and vibe-coding platforms all promise speed and scale but without parallel advances in security, they can unravel entire ecosystems with a single flaw.
But letβs also remember that a plugin that makes life easier can also open the door to something far worse.
Dileep Thekkethil
AuthorDileep Thekkethil is the Director of Marketing at Stan Ventures, where he applies over 15 years of SEO and digital marketing expertise to drive growth and authority. A former journalist with six years of experience, he combines strategic storytelling with technical know-how to help brands navigate the shift toward AI-driven search and generative engines. Dileep is a strong advocate for Googleβs EEAT standards, regularly sharing real-world use cases and scenarios to demystify complex marketing trends. He is an avid gardener of tropical fruits, a motor enthusiast, and a dedicated caretaker of his pair of cockatiels.