Arbitrary File Upload Vulnerability in Aiomatic AI Content Writer Plugin for WordPress
CVE-2024-13882

8.8HIGH

Key Information:

Vendor: WordPress
Status: Aiomatic - Automatic Ai Content Writer & Editor, Gpt-3 & Gpt-4, Chatgpt Chatbot & Ai Toolkit
Vendor: CVE Published:; 8 March 2025

Summary

The Aiomatic - Automatic AI Content Writer & Editor for WordPress has a vulnerability that allows authenticated users with Contributor-level access or higher to upload arbitrary files due to inadequate file type validation in the 'aiomatic_generate_featured_image' function. This could potentially lead to remote code execution on the server, compromising the integrity and security of the affected site.

Affected Version(s)

Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit * <= 2.3.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://coderevolution.ro/knowledge-base/faq/full-changel...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2025
Vulnerability Reserved
Feb 14, 2025

Credit

Lucio Sá