PT-2025-10421 · WordPress · The Aiomatic

Lucio Sá

·

Published

2025-03-08

·

Updated

2025-05-21

·

CVE-2024-13882

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

The Aiomatic - Automatic AI Content Writer & Editor plugin for WordPress, versions up to and including 2.3.8.
Description

The plugin's aiomatic generate featured image function accepts uploaded files without validating their file type. An authenticated attacker with Contributor-level access or above can therefore place an arbitrary file on the affected site's server; if that file is a web-executable script (for example PHP) written under the web root, this leads to remote code execution.

Recommendations

For versions up to and including 2.3.8, disable the aiomatic generate featured image function until a patched version is installed, so that the arbitrary file upload cannot be triggered. Limit which roles can reach the plugin's upload functionality; Contributor-level users in particular should not be able to invoke it. If an affected version was exposed to untrusted Contributor-level accounts, audit the uploads directory (wp-content/uploads) for files that are not images, since a successful attack leaves the uploaded file there.
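To make the missing check concrete, the following is an added example and not the Aiomatic plugin's own code: a hypothetical featured-image save routine in the vulnerable shape the advisory describes, beside a hardened version that validates the file by content and goes through WordPress' own sideload path. The function names (the `example_` prefix), the `$image_bytes`/`$filename` parameters and the image allowlist are assumptions; the WordPress APIs used (`wp_check_filetype_and_ext()`, `wp_getimagesize()`, `media_handle_sideload()`, `set_post_thumbnail()`) are real core functions.

```php
<?php
// Added example, not the plugin's code. Core WordPress APIs only; the
// example_* function names and the parameters are hypothetical.

// VULNERABLE SHAPE: trusts the filename/extension that arrives with the image
// bytes and writes straight into the uploads directory with no type check and
// no capability check, so any logged-in user able to call it can drop "x.php".
function example_save_featured_image_vulnerable( $image_bytes, $filename, $post_id ) {
    $upload_dir = wp_upload_dir();
    $target     = trailingslashit( $upload_dir['path'] ) . $filename; // e.g. "shell.php"
    file_put_contents( $target, $image_bytes );                          // no validation at all
    return $target;
}

// HARDENED: capability check, sanitised name, content sniffing against an
// image-only allowlist, then media_handle_sideload() so core's upload filters
// and MIME checks apply a second time.
function example_save_featured_image_hardened( $image_bytes, $filename, $post_id ) {
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';

    // Contributors do not hold 'upload_files' by default, so this check alone
    // closes the Contributor-level path described in the advisory.
    if ( ! current_user_can( 'upload_files' ) || ! current_user_can( 'edit_post', $post_id ) ) {
        return new WP_Error( 'forbidden', 'Insufficient permissions.' );
    }

    // A featured image only ever needs raster image types (assumed allowlist).
    $allowed_images = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
        'webp'     => 'image/webp',
    );

    $filename = sanitize_file_name( $filename );
    $tmp      = wp_tempnam( $filename );
    if ( ! $tmp || false === file_put_contents( $tmp, $image_bytes ) ) {
        return new WP_Error( 'tmp_write', 'Could not stage the generated image.' );
    }

    // Validate by content, not by the caller-supplied extension:
    // wp_check_filetype_and_ext() sniffs the file and compares the result with
    // the extension and the allowlist; wp_getimagesize() confirms it parses as
    // an image at all (a PHP script renamed to .png fails both).
    $check    = wp_check_filetype_and_ext( $tmp, $filename, $allowed_images );
    $is_image = ( false !== wp_getimagesize( $tmp ) );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) || ! $is_image ) {
        @unlink( $tmp );
        return new WP_Error( 'bad_type', 'Generated file is not an allowed image type.' );
    }

    // If core corrected a mismatched extension to match the real content, use it.
    $final_name = ! empty( $check['proper_filename'] ) ? $check['proper_filename'] : $filename;

    $file_array = array(
        'name'     => $final_name,
        'tmp_name' => $tmp,
    );

    // media_handle_sideload() calls wp_handle_sideload(), which re-checks the
    // type against the site's allowed MIME list, moves the file into uploads
    // and creates the attachment post.
    $attachment_id = media_handle_sideload( $file_array, $post_id );
    if ( is_wp_error( $attachment_id ) ) {
        @unlink( $tmp );
        return $attachment_id;
    }

    set_post_thumbnail( $post_id, $attachment_id );
    return $attachment_id;
}
```

The two checks that matter are the capability test at the top and the content-based type test before anything is moved under the web root; an extension allowlist on its own is not enough, because the caller controls the name, and a MIME check on its own is not enough, because the caller can also control a `Content-Type`-style hint. Routing the final write through `media_handle_sideload()` means the site's `upload_mimes` filter and the `unfiltered_upload` capability are honoured as they are for ordinary media uploads.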

Tags: Fix, RCE, Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-13882

Affected Products

The Aiomatic