CVE-2025-7847: CWE-434 Unrestricted Upload of File with Dangerous Type in tigroumeow AI Engine

Severity: High
Tags: Vulnerability, CVE-2025-7847, CWE-434
Published: Thu Jul 31 2025 (07/31/2025, 04:26:20 UTC)
Source: CVE Database V5
Vendor/Project: tigroumeow
Product: AI Engine

Description

The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server when the REST API is enabled, which may make remote code execution possible.

AI-Powered Analysis

Last updated: 07/31/2025, 04:47:54 UTC

Technical Analysis

CVE-2025-7847 is a high-severity vulnerability affecting the tigroumeow AI Engine WordPress plugin, specifically versions 2.9.3 and 2.9.4. The vulnerability arises from the rest_simpleFileUpload() function, which lacks proper file type validation, allowing authenticated users with Subscriber-level access or higher to upload arbitrary files to the server when the WordPress REST API is enabled. This unrestricted file upload vulnerability (CWE-434) can be exploited to upload malicious files, potentially leading to remote code execution (RCE) on the affected web server. The vulnerability is particularly dangerous because it requires only low-privilege authentication and no user interaction beyond that, and the attack surface is exposed via the REST API, which is commonly enabled in modern WordPress installations. The CVSS v3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and the requirement of only low privileges. Although no known exploits are currently reported in the wild, the vulnerability presents a significant risk due to the widespread use of WordPress and the tigroumeow AI Engine plugin for AI-related content generation and processing. Without proper file type validation, attackers can upload web shells or other malicious payloads, leading to full server compromise, data theft, defacement, or pivoting to internal networks.

Potential Impact

For European organizations, this vulnerability poses a substantial risk, especially for those relying on WordPress sites with the tigroumeow AI Engine plugin enabled. The potential for remote code execution means attackers could gain full control over web servers, leading to data breaches involving sensitive personal data protected under GDPR, service disruptions, and reputational damage. Organizations in sectors such as e-commerce, media, education, and government that utilize WordPress extensively are at heightened risk. Because low-privilege users can exploit this flaw, the threat from insiders or compromised accounts is increased. Additionally, the REST API exposure means that automated attacks could be launched remotely without direct user interaction, increasing the likelihood of exploitation. The impact extends beyond confidentiality to integrity and availability, as attackers could deface websites, inject malicious content, or disrupt services critical to business operations.

Mitigation Recommendations

To mitigate this vulnerability effectively, organizations should take the following specific actions:
1) Update the tigroumeow AI Engine plugin to a patched version as soon as one is available; no patch links are provided at the time of writing, so monitor vendor advisories closely.
2) Temporarily disable or restrict access to the WordPress REST API where it is not essential, using plugins or server-level controls to limit exposure.
3) Implement strict file upload restrictions at the web server or application firewall level, enforcing MIME type and extension whitelisting so that dangerous file types are rejected.
4) Enforce the principle of least privilege by reviewing and minimizing user roles, especially Subscriber-level accounts, and monitoring for suspicious account activity.
5) Deploy Web Application Firewalls (WAFs) with rules targeting arbitrary file upload attempts and anomalous REST API usage patterns.
6) Conduct regular security audits and vulnerability scans focusing on WordPress plugins and REST API endpoints.
7) Monitor logs for unusual file uploads or execution attempts and establish incident response procedures for rapid containment.
Together, these measures reduce the attack surface and limit the potential for exploitation until a vendor patch is applied.
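One way to enforce the extension and MIME allowlisting that recommendation 3 calls for inside a WordPress REST upload handler, as an added example that is not the AI Engine plugin's code or its fix. The helper name example_validate_rest_upload and the allowlist contents are assumptions; current_user_can(), wp_check_filetype_and_ext(), sanitize_file_name() and WP_Error are WordPress core APIs.

```php
<?php
// Added example, not AI Engine plugin code: server-side validation for one
// entry of WP_REST_Request::get_file_params() before the file is stored.
// The function name and the allowlist below are assumptions.

/**
 * Returns array( 'name' => ..., 'type' => ... ) when the file is acceptable,
 * or a WP_Error describing why it was rejected.
 */
function example_validate_rest_upload( array $file ) {
    // Capability check: Subscriber accounts lack upload_files by default, so
    // this alone closes the low-privilege path the advisory describes.
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient privileges.', array( 'status' => 403 ) );
    }

    // Only accept something PHP actually received as an upload in this request.
    if ( empty( $file['tmp_name'] ) || ! is_uploaded_file( $file['tmp_name'] ) ) {
        return new WP_Error( 'rest_invalid_upload', 'No uploaded file.', array( 'status' => 400 ) );
    }

    // Explicit allowlist of extension => MIME type. Anything not listed
    // (php, phtml, html, svg, ...) is rejected regardless of what the client claims.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
        'pdf'      => 'application/pdf',
        'txt'      => 'text/plain',
    );

    // Core helper: matches the extension against $allowed and, for images,
    // checks the real content via fileinfo; returns empty ext/type on failure.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'rest_file_type', 'File type not allowed.', array( 'status' => 415 ) );
    }

    // Never trust the client-supplied name: strip path components and unsafe
    // characters, and prefer the corrected name core derived from the content.
    $safe_name = ! empty( $check['proper_filename'] )
        ? $check['proper_filename']
        : sanitize_file_name( $file['name'] );

    return array( 'name' => $safe_name, 'type' => $check['type'] );
}
```

The caller should write the file only when this returns an array, using the returned name rather than $file['name'], and should also reject the request at the web-server level for any path under the upload directory that ends in an executable extension.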

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-07-18T20:25:13.424Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 688af1f7ad5a09ad00b2c41f

Added to database: 7/31/2025, 4:32:55 AM

Last enriched: 7/31/2025, 4:47:54 AM

Last updated: 7/31/2025, 8:13:36 PM
