CVE-2024-12471 is a code injection vulnerability classified under CWE-94 affecting the Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress. The vulnerability arises from a missing capability check and lack of file type validation in the add_image_to_library AJAX action function. This flaw allows authenticated attackers with subscriber-level permissions or higher to upload arbitrary files, including potentially malicious scripts, to the server. Because the plugin does not properly restrict or validate the uploaded content, attackers can leverage this to execute remote code on the hosting server, leading to full system compromise. The vulnerability affects all plugin versions up to 1.3.1. The CVSS v3.1 score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, and requiring only low privileges without user interaction. Although no public exploits are currently known, the vulnerability's nature and ease of exploitation make it a significant threat to WordPress sites using this plugin. The lack of patch links suggests that a fix may not yet be available, emphasizing the need for immediate mitigation steps.

The vulnerability enables attackers to upload arbitrary files and execute remote code on affected WordPress servers, potentially leading to full system compromise. This can result in unauthorized data access or exfiltration, defacement or destruction of website content, deployment of malware or ransomware, and use of compromised servers as pivot points for further attacks within organizational networks. Given WordPress's widespread use, organizations relying on this plugin face risks of service disruption, reputational damage, and regulatory non-compliance due to data breaches. The requirement for only subscriber-level authentication lowers the barrier for exploitation, increasing the likelihood of insider threats or compromised low-privilege accounts being leveraged. The absence of user interaction and low attack complexity further exacerbate the threat, making automated or scripted attacks feasible. Organizations with public-facing WordPress sites using this plugin are particularly vulnerable to external attackers gaining foothold and escalating privileges.

Until an official patch is released, organizations should immediately restrict access to the plugin by disabling or uninstalling it if feasible. Review and tighten user role permissions to limit subscriber-level accounts and monitor for suspicious login activity. Implement web application firewall (WAF) rules to detect and block attempts to access the add_image_to_library AJAX endpoint or upload suspicious file types. Conduct thorough file integrity monitoring on upload directories to detect unauthorized file additions. Employ network segmentation to isolate WordPress servers from critical internal systems. Regularly audit installed plugins and remove unused or untrusted ones. Monitor logs for anomalous activity related to file uploads or code execution attempts. Once a patch becomes available, prioritize prompt application and verify the fix through testing. Additionally, consider deploying runtime application self-protection (RASP) solutions to detect and prevent exploitation attempts in real time.