Overview
CVE-2025-13380 describes an arbitrary file read vulnerability found in the AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress. This vulnerability affects all versions up to and including 1.0.1. An authenticated attacker with Contributor-level access or higher can exploit this flaw to read sensitive files on the server. This can lead to exposure of configuration files, database credentials, and other critical data.
Technical Details
The vulnerability stems from two main issues:
- Insufficient Validation in `lqdai_update_post` AJAX Endpoint: The plugin lacks proper validation of user-supplied file paths within the `lqdai_update_post` AJAX endpoint. This allows an attacker to manipulate the file path to point to arbitrary files on the server.
- Unrestricted `file_get_contents()` Usage in `insert_image()` Function: The `insert_image()` function passes a user-controlled URL straight to `file_get_contents()` without restricting the URL scheme to `http://` or `https://`. Because PHP stream wrappers such as `file://` are therefore accepted, an attacker can supply a `file://` URL to read local files on the server.
Specifically, the vulnerable code snippets can be found in these locations (based on the provided references for version 1.0.1):
CVSS Analysis
The vulnerability has been assigned a CVSS score of 6.5 (MEDIUM). This score reflects the following factors:
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L) – Contributor access is sufficient
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality Impact (C): High (H)
- Integrity Impact (I): None (N)
- Availability Impact (A): None (N)
Possible Impact
Successful exploitation of this vulnerability can have serious consequences:
- Exposure of Sensitive Data: Attackers can read configuration files containing database credentials, API keys, and other sensitive information.
- Account Takeover: Compromised credentials can be used to gain unauthorized access to the WordPress site and its associated services.
- Code Injection: In some scenarios, reading certain configuration files might reveal paths or settings that could further be exploited for code injection.
Mitigation and Patch Steps
The recommended mitigation is to update the AI Engine for WordPress: ChatGPT, GPT Content Generator plugin to the latest version as soon as a patch is released. The patched version should include proper validation and sanitization of user-supplied file paths and restrict the protocols allowed in the `insert_image()` function.
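As an added illustration (not code from the plugin or from any of the referenced write-ups), the sketch below shows the shape a hardened image-fetch helper and its AJAX entry point can take along the lines the patch needs: a scheme allowlist, the WordPress HTTP API instead of a bare `file_get_contents()`, and a capability plus nonce check before any file handling. The function names, the `image_url` POST parameter and the nonce action are assumptions chosen for this example.

```php
<?php
// Added example (not the plugin's own code). Function names, the
// 'image_url' parameter and the nonce action are assumptions.

/**
 * Validate a user-supplied image URL before anything is fetched.
 * Returns the normalised URL, or a WP_Error explaining the rejection.
 */
function example_validate_image_url( $raw_url ) {
    // esc_url_raw() with an explicit protocol list returns '' for any
    // URL whose scheme is not http or https (so file:// is dropped here).
    $url = esc_url_raw( trim( (string) $raw_url ), array( 'http', 'https' ) );
    if ( '' === $url ) {
        return new WP_Error( 'bad_url', 'Only http:// and https:// URLs are accepted.' );
    }
    // A scheme-less path such as "/etc/passwd" survives esc_url_raw(),
    // so insist on an explicit http(s) scheme and a host.
    $parts = wp_parse_url( $url );
    if ( empty( $parts['scheme'] ) || ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
        return new WP_Error( 'bad_scheme', 'Unsupported URL scheme.' );
    }
    if ( empty( $parts['host'] ) ) {
        return new WP_Error( 'bad_host', 'URL has no host.' );
    }
    // wp_http_validate_url() additionally rejects loopback and private
    // address ranges unless the site opts in, limiting SSRF-style fetches.
    if ( false === wp_http_validate_url( $url ) ) {
        return new WP_Error( 'bad_host', 'Host is not permitted.' );
    }
    return $url;
}

/**
 * Fetch the image body over HTTP(S) only. This replaces a bare
 * file_get_contents() call, which honours file:// and other stream wrappers.
 */
function example_fetch_image( $raw_url ) {
    $url = example_validate_image_url( $raw_url );
    if ( is_wp_error( $url ) ) {
        return $url;
    }
    $response = wp_safe_remote_get( $url, array( 'timeout' => 10, 'redirection' => 2 ) );
    if ( is_wp_error( $response ) ) {
        return $response;
    }
    if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return new WP_Error( 'fetch_failed', 'Unexpected HTTP status.' );
    }
    $type = wp_remote_retrieve_header( $response, 'content-type' );
    if ( 0 !== strpos( (string) $type, 'image/' ) ) {
        return new WP_Error( 'not_image', 'Response is not an image.' );
    }
    return wp_remote_retrieve_body( $response );
}

/**
 * AJAX handler skeleton: nonce and capability checks run before any fetch.
 */
function example_ajax_update_post() {
    check_ajax_referer( 'example_update_post', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }
    $raw_url = isset( $_POST['image_url'] ) ? wp_unslash( $_POST['image_url'] ) : '';
    $body    = example_fetch_image( $raw_url );
    if ( is_wp_error( $body ) ) {
        wp_send_json_error( $body->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'bytes' => strlen( $body ) ) );
}
add_action( 'wp_ajax_example_update_post', 'example_ajax_update_post' );
```

Two design points are worth noting. First, the capability check uses `upload_files`, which WordPress grants to Authors and above but not to Contributors by default, so the endpoint is no longer reachable by the role named in this advisory unless a site has deliberately extended it. Second, `wp_safe_remote_get()` only speaks HTTP(S) and applies WordPress's host validation, so even if a scheme check were bypassed upstream the transport itself cannot open a local file.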
Until an update is available, consider the following temporary mitigations (though these are not ideal and may impact functionality):
- Disable the Plugin: The most effective way to prevent exploitation is to temporarily disable the AI Engine for WordPress plugin until a patch is available.
- Restrict User Roles: Limit Contributor-level access and above to only trusted users.
References
- CVE ID: CVE-2025-13380
- GitHub Exploit: https://github.com/d0n601/CVE-2025-13380
- WordPress Plugin Trac (Vulnerable Code):
- Blog Post Analysis: https://ryankozak.com/posts/cve-2025-13380/
- Wordfence Threat Intelligence: https://www.wordfence.com/threat-intel/vulnerabilities/id/ae0abace-9bf6-4ef9-a9b8-7efffbf25628?source=cve
