Cyber Resilience

CVE-2026-1400

High

Published: 28 January 2026

Published
28 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0013 32.5th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1400 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Wordpress (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked at the 32.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-1400 is an arbitrary file upload vulnerability in the AI Engine – The Chatbot and AI Framework for WordPress plugin, affecting all versions up to and including 3.3.2. The flaw arises from missing file type validation in the `rest_helpers_update_media_metadata` function, classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H) and was published on 2026-01-28.

Authenticated attackers with Editor-level access or higher can exploit the vulnerability by uploading a benign image file and then leveraging the `update_media_metadata` REST endpoint to rename it as a PHP file in the WordPress uploads directory. This allows creation of an executable PHP file on the server, potentially leading to remote code execution.

References to the vulnerable code appear in the plugin's trac browser for version 3.3.0 at lines 1104 and 1141 of classes/rest.php, with a fix applied in changeset 3447500 to the trunk. The Wordfence threat intelligence page provides further details on the issue.

EU & UK References

Vulnerability details

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata` function in all versions up to, and including, 3.3.2. This makes…

more

it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The attacker can upload a benign image file, then use the `update_media_metadata` endpoint to rename it to a PHP file, creating an executable PHP file in the uploads directory.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Arbitrary file upload via missing validation directly enables web shell deployment (T1505.003) on a public-facing WordPress application (T1190), resulting in RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-15240Shared CWE-434
CVE-2025-13374Shared CWE-434
CVE-2021-47758Shared CWE-434
CVE-2026-30821Shared CWE-434
CVE-2025-46384Shared CWE-434
CVE-2025-13516Shared CWE-434
CVE-2024-13011Shared CWE-434
CVE-2025-8323Shared CWE-434
CVE-2025-21624Shared CWE-434
CVE-2026-35164Shared CWE-434

Affected Assets

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of file types and content on the update_media_metadata REST endpoint to block dangerous uploads such as PHP files.

prevent

Limits Editor-level accounts to only the minimum privileges needed, reducing the ability to reach or abuse the vulnerable media-metadata function.

prevent

Restricts the plugin's unnecessary REST endpoint and file-renaming behavior so that arbitrary file upload capability is disabled by default.

References