{"id":10321,"date":"2025-07-30T17:33:55","date_gmt":"2025-07-30T17:33:55","guid":{"rendered":"https:\/\/affinite.io\/cs\/?p=10321"},"modified":"2025-07-30T17:44:33","modified_gmt":"2025-07-30T17:44:33","slug":"vazna-zranitelnost-v-pluginu-ai-engine-pro-wordpress","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/vazna-zranitelnost-v-pluginu-ai-engine-pro-wordpress\/","title":{"rendered":"V\u00e1\u017en\u00e1 zranitelnost v pluginu AI\u202fEngine pro WordPress"},"content":{"rendered":"\n<p>V \u010dervenci 2025 bezpe\u010dnostn\u00ed t\u00fdm Wordfence identifikoval <strong>z\u00e1va\u017enou zranitelnost typu \u201earbitrary file upload\u201c<\/strong> v pluginu <strong>AI\u202fEngine pro WordPress<\/strong>, kter\u00e1 postihuje p\u0159ibli\u017en\u011b <strong>100\u202f000 instalac\u00ed<\/strong>. Tato chyba umo\u017e\u0148ovala \u00fato\u010dn\u00edk\u016fm nahr\u00e1vat libovoln\u00e9 soubory (nap\u0159. PHP) bez p\u0159ihl\u00e1\u0161en\u00ed a m\u016f\u017ee v\u00e9st i k \u00fapln\u00e9mu p\u0159evzet\u00ed kontroly nad webem.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Popis zranitelnosti<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Co je <em>arbitrary file upload<\/em><\/h3>\n\n\n\n<p>Jedn\u00e1 se o chybu, kdy plugin umo\u017e\u0148uje nahr\u00e1n\u00ed souboru bez validace \u2013 \u00fato\u010dn\u00edk m\u016f\u017ee uploadovat \u0161kodliv\u00fd soubor (nap\u0159. PHP) do serveru, kter\u00fd se n\u00e1sledn\u011b spust\u00ed, co\u017e m\u016f\u017ee v\u00e9st k <strong>vzd\u00e1len\u00e9mu spu\u0161t\u011bn\u00ed k\u00f3du (RCE)<\/strong> nebo ovl\u00e1dnut\u00ed cel\u00e9 instalace WordPressu.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Konkr\u00e9tn\u00ed mechanismus v pluginu AI\u202fEngine<\/h3>\n\n\n\n<ul class=\"wp-block-list has-white-color has-text-color has-link-color wp-elements-26d3f5d10eb4c46c6f31dd2fb5331477\">\n<li>Chyba spo\u010d\u00edvala v REST API endpointu <code>\/mwai-ui\/v1\/files\/upload<\/code>, kde nebyla \u017e\u00e1dn\u00e1 validace typu souboru ani opr\u00e1vn\u011bn\u00ed.<\/li>\n\n\n\n<li><code>permission_callback<\/code> byl nastaven na <code>__return_true<\/code>, tak\u017ee ho mohl volat kdokoliv, i bez p\u0159ihl\u00e1\u0161en\u00ed.<\/li>\n\n\n\n<li>\u00dato\u010dn\u00edk mohl nahr\u00e1t PHP soubor do ve\u0159ejn\u00e9 slo\u017eky a pot\u00e9 jej spustit p\u0159\u00edmo p\u0159es URL.<\/li>\n<\/ul>\n\n\n\n<p>Chyba byla opravena ve verzi <strong>2.9.5<\/strong>. V\u0161echny p\u0159edchoz\u00ed verze jsou zraniteln\u00e9.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Dopady a rizika<\/h2>\n\n\n\n<ul class=\"wp-block-list has-white-color has-text-color has-link-color wp-elements-d93024290ba46302b5efbbea68a8f669\">\n<li>\u00dato\u010dn\u00edk m\u016f\u017ee z\u00edskat <strong>plnou kontrolu nad webem<\/strong> nahr\u00e1n\u00edm a spu\u0161t\u011bn\u00edm PHP souboru.<\/li>\n\n\n\n<li>M\u016f\u017ee doj\u00edt k <strong>kr\u00e1de\u017ei dat<\/strong>, <strong>defacementu<\/strong> nebo p\u0159ipojen\u00ed webu do botnetu.<\/li>\n\n\n\n<li>Zranitelnost byla aktivn\u011b zneu\u017e\u00edv\u00e1na ji\u017e p\u0159ed zve\u0159ejn\u011bn\u00edm opravy.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Zranitelnosti shrnut\u00e9 v bodech<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>N\u00e1zev chyby<\/th><th>Opr\u00e1vn\u011bn\u00ed<\/th><th>Mo\u017enosti \u00fato\u010dn\u00edka<\/th><th>Oprava<\/th><\/tr><\/thead><tbody><tr><td><strong>Arbitrary file upload<\/strong><\/td><td>Bez p\u0159ihl\u00e1\u0161en\u00ed<\/td><td>Nahr\u00e1n\u00ed PHP\/XSS souboru<\/td><td>Validace typu souboru<\/td><\/tr><tr><td><strong>Chyb\u011bj\u00edc\u00ed kontrola opr\u00e1vn\u011bn\u00ed<\/strong><\/td><td>REST API dostupn\u00e9 v\u0161em<\/td><td>Vol\u00e1n\u00ed API bez omezen\u00ed<\/td><td>permission_callback<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Jak se zranitelnost \u0159e\u0161\u00ed<\/h2>\n\n\n\n<ul class=\"wp-block-list has-white-color has-text-color has-link-color wp-elements-1d1056d3e4d080e6a73c3960346a8885\">\n<li><strong>Aktualizujte plugin<\/strong> AI\u202fEngine na verzi 2.9.5 nebo vy\u0161\u0161\u00ed.<\/li>\n\n\n\n<li>Pokud pou\u017e\u00edv\u00e1te bezpe\u010dnostn\u00ed plugin (nap\u0159. Wordfence), ov\u011b\u0159te, \u017ee m\u00e1te aktivn\u00ed WAF a aktu\u00e1ln\u00ed pravidla.<\/li>\n\n\n\n<li>Omezte pr\u00e1va pro nahr\u00e1v\u00e1n\u00ed soubor\u016f \u2013 plat\u00ed p\u0159edev\u0161\u00edm pro REST API a nezaregistrovan\u00e9 u\u017eivatele.<\/li>\n\n\n\n<li>Kontrolujte logy, nahran\u00e9 soubory a nezn\u00e1m\u00e9 PHP skripty v adres\u00e1\u0159i <code>wp-content\/uploads<\/code>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Doporu\u010den\u00ed pro spr\u00e1vce<\/h2>\n\n\n\n<p>Pokud na sv\u00e9m webu pou\u017e\u00edv\u00e1te plugin <strong>AI\u202fEngine<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list has-white-color has-text-color has-link-color wp-elements-151f6cfd721d9b780cd18f605bfbcf45\">\n<li>Okam\u017eit\u011b aktualizujte na nejnov\u011bj\u0161\u00ed verzi (minim\u00e1ln\u011b 2.9.5).<\/li>\n\n\n\n<li>Ov\u011b\u0159te, \u017ee m\u00e1te aktivn\u00ed bezpe\u010dnostn\u00ed plugin a pravidla firewallu (nap\u0159. Wordfence).<\/li>\n\n\n\n<li>Sledujte ozn\u00e1men\u00ed v\u00fdvoj\u00e1\u0159\u016f plugin\u016f a pravideln\u011b prov\u00e1d\u011bjte aktualizace.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Z\u00e1v\u011br<\/h2>\n\n\n\n<p>Zranitelnost v pluginu AI\u202fEngine umo\u017e\u0148ovala neautorizovan\u00fd upload soubor\u016f a potenci\u00e1ln\u00ed ovl\u00e1dnut\u00ed webu. Byla opravena ve verzi 2.9.5, a v\u0161em u\u017eivatel\u016fm se d\u016frazn\u011b doporu\u010duje okam\u017eit\u00e1 aktualizace. Tento incident op\u011bt ukazuje, jak d\u016fle\u017eit\u00e1 je pravideln\u00e1 \u00fadr\u017eba, bezpe\u010dnostn\u00ed pluginy a kontrola REST API p\u0159\u00edstup\u016f.<\/p>\n\n\n\n<p>Pot\u0159ebujete-li pomoc s kontrolou nebo zabezpe\u010den\u00edm va\u0161eho webu, nev\u00e1hejte m\u011b kontaktovat.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>V \u010dervenci 2025 bezpe\u010dnostn\u00ed t\u00fdm Wordfence identifikoval z\u00e1va\u017enou zranitelnost typu \u201earbitrary file upload\u201c v pluginu AI\u202fEngine pro WordPress, kter\u00e1 postihuje p\u0159ibli\u017en\u011b 100\u202f000 instalac\u00ed. Tato chyba umo\u017e\u0148ovala \u00fato\u010dn\u00edk\u016fm nahr\u00e1vat libovoln\u00e9 soubory (nap\u0159. PHP) bez p\u0159ihl\u00e1\u0161en\u00ed a m\u016f\u017ee v\u00e9st i k \u00fapln\u00e9mu p\u0159evzet\u00ed kontroly nad webem. Popis zranitelnosti 1. Co je arbitrary file upload Jedn\u00e1 se o<\/p>\n","protected":false},"author":1,"featured_media":10323,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","footnotes":""},"categories":[6],"tags":[],"class_list":["post-10321","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu"],"uagb_featured_image_src":{"full":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2025\/07\/plugin-vulnerability.webp",1536,1024,false],"thumbnail":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2025\/07\/plugin-vulnerability-150x150.webp",150,150,true],"medium":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2025\/07\/plugin-vulnerability-300x200.webp",300,200,true],"medium_large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2025\/07\/plugin-vulnerability-768x512.webp",640,427,true],"large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2025\/07\/plugin-vulnerability-1024x683.webp",640,427,true],"1536x1536":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2025\/07\/plugin-vulnerability.webp",1536,1024,false],"2048x2048":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2025\/07\/plugin-vulnerability.webp",1536,1024,false],"archive-list":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2025\/07\/plugin-vulnerability-400x265.webp",400,265,true]},"uagb_author_info":{"display_name":"Affinite","author_link":"https:\/\/affinite.io\/cs\/author\/affinite\/"},"uagb_comment_info":0,"uagb_excerpt":"V \u010dervenci 2025 bezpe\u010dnostn\u00ed t\u00fdm Wordfence identifikoval z\u00e1va\u017enou zranitelnost typu \u201earbitrary file upload\u201c v pluginu AI\u202fEngine pro WordPress, kter\u00e1 postihuje p\u0159ibli\u017en\u011b 100\u202f000 instalac\u00ed. Tato chyba umo\u017e\u0148ovala \u00fato\u010dn\u00edk\u016fm nahr\u00e1vat libovoln\u00e9 soubory (nap\u0159. PHP) bez p\u0159ihl\u00e1\u0161en\u00ed a m\u016f\u017ee v\u00e9st i k \u00fapln\u00e9mu p\u0159evzet\u00ed kontroly nad webem. Popis zranitelnosti 1. Co je arbitrary file upload Jedn\u00e1 se o","_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/10321"}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=10321"}],"version-history":[{"count":1,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/10321\/revisions"}],"predecessor-version":[{"id":10322,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/10321\/revisions\/10322"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/10323"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=10321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=10321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=10321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}