CVE-2025-12973

HIGH
Published November 21, 2025
CISO Take

If your organization runs WordPress with the S2B AI Assistant plugin, patch immediately to v1.7.9+—this is a trivial-to-exploit file upload vulnerability that gives any Editor-level user a direct path to remote code execution. Review all WordPress editor accounts for compromise and audit recent file uploads in the plugin's storage directory. While the Editor privilege requirement reduces the exposed attack surface, insider threats and account takeover scenarios make this a real operational risk, especially since a public PoC already exists.

Severity & Risk

CVSS 3.1
7.2 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
Trivial

Recommended Action

  1. PATCH: Update S2B AI Assistant plugin to v1.7.9+ immediately via WordPress admin. If patching is not feasible, disable the plugin until updated.
  2. AUDIT: Review all WordPress editor-level accounts—revoke unnecessary privileges and enforce MFA. Audit recent uploads in the plugin's storage path for webshells (.php, .phtml, .php5, .phar).
  3. DETECT: Query web server access logs for POST requests to plugin upload endpoints followed by GET requests to the same paths—this is the webshell execution pattern. Alert on script execution from upload directories.
  4. HARDEN: Implement WAF rules blocking executable file uploads to WordPress plugin directories. Ensure upload directories have no-execute permissions (deny execution via .htaccess or nginx deny block).
  5. ROTATE SECRETS: If compromise is suspected, immediately rotate all API keys on the server—OpenAI, Stripe, database credentials, and any secrets in wp-config.php.
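The DETECT step above can be implemented as a small log-review script. This is an added example, not code from the advisory or the plugin; the upload endpoint and storage directory are assumed placeholder paths (the advisory does not name them), and the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed placeholders: the advisory does not name the plugin's real endpoint or storage path.
UPLOAD_ENDPOINT = "/wp-admin/admin-ajax.php?action=s2b_store_file"  # assumption
STORAGE_DIR = "/wp-content/uploads/s2b-ai-assistant/"               # assumption
WEBSHELL_EXTS = (".php", ".phtml", ".php5", ".phar")  # extensions from the AUDIT step
WINDOW = timedelta(minutes=10)  # how long after an upload POST a fetch still counts as linked

# Combined log format: client, identd, user, [timestamp], "METHOD PATH PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic); the last GET is outside WINDOW on purpose.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Nov/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=s2b_store_file HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [21/Nov/2025:10:00:09 +0000] "GET /wp-content/uploads/s2b-ai-assistant/report.phtml HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [21/Nov/2025:10:01:00 +0000] "GET /wp-content/uploads/s2b-ai-assistant/brochure.pdf HTTP/1.1" 200 90000 "-" "Mozilla/5.0"
10.0.0.9 - - [21/Nov/2025:10:30:00 +0000] "GET /wp-content/uploads/s2b-ai-assistant/cmd.php HTTP/1.1" 200 300 "-" "curl/8.0"
"""

def parse_line(line):
    """Parse one combined-format access log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_webshell_activity(lines):
    """Flag GETs of script files under the storage dir; mark those preceded by an upload POST."""
    upload_times = []  # timestamps of POSTs to the plugin upload endpoint
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"].startswith(UPLOAD_ENDPOINT):
            upload_times.append(rec["ts"])
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "GET" and path.startswith(STORAGE_DIR) and path.lower().endswith(WEBSHELL_EXTS):
            linked = any(timedelta(0) <= rec["ts"] - t <= WINDOW for t in upload_times)
            findings.append({"ip": rec["ip"], "path": path, "status": rec["status"],
                             "pattern": "upload-then-execute" if linked else "script-in-upload-dir"})
    return findings

if __name__ == "__main__":
    for f in find_webshell_activity(SAMPLE_LOG.splitlines()):
        print(f)
```

A 200 status on a script fetch from the storage directory means the server executed or served it, so the HARDEN step (no-execute on the upload directory) is what turns this finding from a compromise into a failed attempt.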

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act
Art. 15 - Accuracy, Robustness and Cybersecurity
Art. 9 - Risk Management System
ISO 42001
A.10.5 - AI system use by third parties
A.8.2 - AI System Security Controls
NIST AI RMF
GOVERN 1.2 - Roles and Responsibilities for AI Risk
MANAGE 2.2 - Risk Treatment for AI Systems
MANAGE-2.2 - Risk Treatment for AI Risks
OWASP LLM Top 10
LLM03 - Supply Chain Vulnerabilities
LLM05 - Supply Chain Vulnerabilities
LLM06 - Excessive Agency
LLM07 - Insecure Plugin Design

Technical Details

NVD Description

The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Exploitation Scenario

An adversary targets an organization using the S2B AI Assistant plugin as their customer-facing ChatGPT integration on WordPress. They obtain Editor-level credentials via spearphishing or credential stuffing against the WordPress login portal—a realistic scenario given Editor accounts are often granted to marketing and content teams. Authenticated as an Editor, the adversary calls the plugin's file storage endpoint by submitting a crafted multipart upload request to storeFile(), attaching a PHP webshell with a disguised extension. Since no file type or MIME validation occurs, the webshell is written to the server file system. The adversary directly requests the uploaded file via a browser, achieving arbitrary code execution. From there, they extract the OpenAI API key from plugin configuration, exfiltrate the WordPress database (user PII, chat logs, content), and establish persistent access to the host. If the server is cloud-hosted, they enumerate IAM roles and cloud metadata endpoints for lateral movement.

Weaknesses (CWE)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

Published
November 21, 2025
Last Modified
November 25, 2025
First Seen
November 21, 2025