WordPress AI Feeds Plugin Vulnerability

CRITICAL (9.8)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.25% chance of exploitation (percentile: 48%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

The WordPress AI Feeds plugin is a popular tool for automating social media updates from your website. However, due to a missing capability check in the 'actualizador_git.php' file, attackers can download arbitrary GitHub repositories and overwrite plugin files on the affected site's server, potentially leading to remote code execution.

Am I affected?

You're affected if you use AI Feeds. The advisory does not state which specific versions are affected.

How to fix

To fix this vulnerability, upgrade to WordPress AI Feeds version 1.0.12 or later. You can do this by:

  • Updating your wp-content/plugins/ai-feeds directory with the latest version from GitHub: https://github.com/d0n601/CVE-2025-13597
  • Running the following WP-CLI command on the server that hosts your WordPress site:
    wp plugin update ai-feeds --version=1.0.12

Immediate mitigations:

  • Restrict network access to your WordPress instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation
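Since no detection is available in the major open-source tools, an added example (not part of this advisory) that scans web-server access logs for direct requests to the file named above. It assumes the Apache/nginx combined log format and that actualizador_git.php lives somewhere under wp-content/plugins/ai-feeds/; the sample log lines are constructed.

```python
import re
from collections import Counter

# Combined log format (Apache/nginx default); assumed for the constructed sample below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# File named in the advisory. Its exact subdirectory is not stated, so any
# request for this file name under the plugin directory is flagged.
VULN_FILE = "actualizador_git.php"
PLUGIN_DIR = "/wp-content/plugins/ai-feeds/"


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_hits(lines):
    """Return every parsed request for the vulnerable file, with a 'served' flag
    telling whether the server answered 2xx (i.e. the request was not blocked)."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if path.startswith(PLUGIN_DIR) and path.endswith("/" + VULN_FILE):
            rec["served"] = rec["status"].startswith("2")
            hits.append(rec)
    return hits


def hits_per_source(hits):
    """Count flagged requests per client IP for triage."""
    return dict(Counter(h["ip"] for h in hits))


# Constructed sample: two served hits from one address, one blocked hit, one benign request.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2025:08:14:02 +0000] "GET /wp-content/plugins/ai-feeds/actualizador_git.php HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '198.51.100.4 - - [10/Dec/2025:08:14:05 +0000] "GET /wp-content/plugins/ai-feeds/readme.txt HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Dec/2025:08:14:09 +0000] "POST /wp-content/plugins/ai-feeds/actualizador_git.php HTTP/1.1" 200 0 "-" "curl/8.4.0"',
    '198.51.100.9 - - [10/Dec/2025:09:01:44 +0000] "GET /wp-content/plugins/ai-feeds/actualizador_git.php HTTP/1.1" 403 199 "-" "python-requests/2.32"',
]

if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]} served={h["served"]}')
    print(hits_per_source(find_hits(SAMPLE_LOG)))
```

Any 2xx answer to a request for this file from an address you do not recognise deserves a look at the plugin directory for modified files.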