WordPress Kalrav AI Agent plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload via kalrav_upload_file AJAX Action vulnerability

Unauthenticated Arbitrary File Upload via kalravuploadfile AJAX Action vulnerability discovered by Ryan Kozak in WordPress Plugin Kalrav AI Agent versions = 2.3.3...

CVE-2025-13374

The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

CVE-2025-13374

CVE-2025-13374 : Kalrav AI Agent plugin for WordPress is vulnerable to unauthenticated arbitrary file upload via the kalrav_upload_file AJAX action in all versions up to and including 2.3.3, with potential for remote code execution. Wordfence reports the patch status as Unpatched and provides CVS...

CVE-2025-13374 Kalrav AI Agent <= 2.3.3 - Unauthenticated Arbitrary File Upload via kalrav_upload_file AJAX Action

The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

WordPress plugin Kalrav AI Agent code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4566

Name of the Vulnerable Software and Affected Versions Kalrav AI Agent versions prior to 2.3.4 Description The Kalrav AI Agent plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation in the kalrav upload file AJAX action. This allows unauthenticated...