AI Engine WordPress Plugin(CVE-2023-51409)

February 27, 2024

Introduction

WordPress, the popular content management system (CMS), powers millions of websites worldwide. Its extensibility through plugins allows users to enhance functionality and customize their sites. However, with great power comes great responsibility, and sometimes vulnerabilities slip through the cracks.

In this blog post, we’ll delve into CVE-2023-51409, a severe security flaw that affected the AI Engine plugin—a widely used AI-related WordPress plugin with over 50,000 active installations. Let’s explore the details, understand the root cause, and discuss the steps for exploitation.

The AI Engine Plugin

The AI Engine plugin offers a range of AI tools within WordPress. Here are some of its features:

  1. Chatbot Creation: Users can create chatbots for their websites.
  2. Content Generation: The plugin assists in crafting content.
  3. AI Copilot Integration: It allows users to collaborate with an AI Copilot within the editor.
  4. Statistics Tracking: Users can monitor various metrics related to their site.

Additionally, the AI Playground provides tools like translation, correction, SEO suggestions, and WooCommerce product fields. The plugin even exposes an internal API for other plugins to tap into its capabilities. A patch was released in version 1.9.99 and all the versions before it, including 1.9.98, were vulnerable to this attack.

The Vulnerability: Unauthenticated Arbitrary File Upload

The vulnerability tracked as CVE-2023-51409 falls into the category of an “unauthenticated arbitrary file upload” issue and has a cvss score of 10. What this means is that any unauthenticated user can upload any arbitrary file including script files like php files, etc. which essentially leads to RCE (Remote Code Execution).

Lets understand the root cause behind this vulnerability:The affected endpoint is - https://<path-to-wordpress>/wp-json/mwai-ui/v1/files/upload and its controller function for this endpoint is:

The parameter ‘permission_callback’ is set to ‘__return_true’ which is the reason that unauthenticated users can upload files. If you look carefully, the controller function uses another function called ‘rest_upload’ for actual file handling. In the ‘rest_upload’ function there is no check for file type and hence any type of file can be uploaded without any restriction.

As you can see, the $path value used in ‘move_uploaded_file’  is made using variable $filename and it contained the value of variable $file['name'] which is an entirely user controlled and therefore, we may easily upload any file, such a.php file, to achieve RCE because the method does not properly validate file types or extensions.

Exploitation

Prepare for a hands-on demonstration where we'll be setting up a lab to showcase the vulnerability within the AI Engine plugin. This practical session aims to provide a clear understanding of the exploit, illustrating the potential risks and consequences associated with this identified security flaw. 

To get started, ensure you have Docker installed on your system. Below is the Docker Compose configuration that you can use to set up the lab environment:


version: '3.3'

services:
  db:
    image: mysql:8.0
    environment:
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress

  wordpress:
    image: wordpress:latest
    ports:
      - "8080:80"
    depends_on:
      - db
    environment:
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress
    volumes:
      - ./wp-content:/var/www/html/wp-content

Copy this code into a docker-compose.yml file. This docker-compose.yml file specifies MySQL version 8.0 and uses the latest version of the WordPress image. Now open a terminal, navigate to the directory containing the file, and run the command: docker-compose up -–build . This will pull the required Docker images and set up a local WordPress instance with the identified vulnerability. After the containers are running, you can access the local WordPress site by opening http://localhost:8080 in your web browser.

Upon accessing the url, set up the environment with all necessary details and access the admin dashboard. To proceed with the demonstration, install the vulnerable version of the AI Engine plugin by downloading it here. Once downloaded, navigate to the WordPress admin dashboard, go to the "Plugins" section, select "Add New," choose "Upload Plugin," upload the downloaded file, and activate the plugin. With the vulnerable version in place, we're ready to explore. And then activate the plugin by navigating to http://localhost:8080/wp-admin/plugins.php.
Also to enable the rest api go to http://localhost:8080/wp-admin/options-permalink.php and make sure “plain” is not selected.

When conducting a penetration test on a real WordPress website, the initial step involves identifying the plugins running on the site, along with their version numbers. To facilitate this process, WPScan can be a valuable tool. You can find WPScan on GitHub: https://github.com/wpscanteam/wpscan. This tool is designed to efficiently enumerate and gather information about plugins, themes, and the overall WordPress environment.

Sometimes a basic WPScan may not identify all the vulnerable plugins so one should do an aggressive plugin detection for vulnerable plugins only. Following command can be used for the same: $ wpscan --url <wordpress-url> --enumerate vp --plugins-detection aggressive --api-token

There is a possibility to detect plugins manually using some common methods like visiting all the urls on the site and looking at footers, trying to access wp-content/plugins/ folder, etc.

Exploiting this vulnerability involves sending a POST request to the vulnerable endpoint with a file path using any HTTP client. And in response you will get the url of the uploaded file. First create a php file with your choice of payload, below is content for test.php:

Then send a POST request to the vulnerable endpoint, i.e. wp-json/mwai-ui/v1/files/upload with a file in the body of the request and below are some examples for the same using different HTTP clients like cURL, ThunderClient, etc. you use any other too.

HTTP request from HTTP client (ThunderClient - VSCode extension):

And response for above request would look something like this:

HTTP request using cURL:

And when you visit this url in your browser you get the contents of phpinfo() because that is how the payload looked: With different payloads you can get different results as per your requirement.

Hardening Wordpress

Hardening is a very important part of any installation or deployment and the same is the case with wordpress. A newly installed wordpress needs some changes so that it is less prone to security issues. Below are some common things to make your wordpress installation more secure:

  • Always keep your wordpress updated with the latest stable version. As newer versions come with patches for security issues found in older versions.

  • Locking down on file permissions, a fresh installation of wordpress comes with loose file permissions and this may allow attackers to take advantage to their benefit and damage the site in a drastic manner.

  • By adding server-side password protection (like BasicAuth) to /wp-admin/, you may further secure your files, the login page, and the admin area of your site. This compels a hacker or bot to target this secondary security measure rather than your admin files itself.

  • Make sure your plugins are regularly updated first. Additionally, remove a certain plugin from the system if you aren't utilizing it.

Mitigation

Considering the severity and ease to exploit , the developers of AI Engine fixed this issue and a patch was released in version 1.9.99. The new version fixed the security gaps by applying a permission check function instead of just returning true, to the previously vulnerable REST endpoint and applied a check on file type and extension using the the wp_check_filetype_and_ext function  provided by wordpress media library.

References

  1. https://securityonline.info/cve-2023-51409-the-severe-vulnerability-threatening-50000-wordpress-sites/
  2. https://patchstack.com/articles/ai-engine-plugin-affected-by-critical-vulnerability/
  3. https://plugins.trac.wordpress.org/changeset/2997429/ai-engine/trunk/classes/modules/files.php?old=2995228&old_path=ai-engine%2Ftrunk%2Fclasses%2Fmodules%2Ffiles.php#file0
  4. https://developer.wordpress.org/advanced-administration/security/hardening/