WordPress: AI Engine plug-in puts 100,000 websites at risk
The AI Engine plug-in is installed on more than 100,000 WordPress websites. A loophole allows it to be completely compromised.
Attackers can abuse a vulnerability in the WordPress plug-in AI Engine to escalate their privileges and take full control of the website. The plug-in is installed on more than 100,000 WordPress websites. An update that closes the security hole has recently been made available.
Security researchers at Wordfence discovered the vulnerability. According to Wordfence's security advisory, the problem is insufficient authorization in the plug-in's MCP (Model Context Protocol) implementation, which enables privilege escalation. “The vulnerability can be exploited by authenticated attackers who have access rights at subscriber level or higher to gain full access to the MCP and execute various commands such as 'wp_update_user' and thus extend their access rights to administrator by updating their user role,” explain the IT security researchers (CVE-2025-5071 / no EUVD yet, CVSS 8.8, risk “high”).
Limited exploitability
The vulnerability can only be abused if both the dev tools and the MCP module have been activated in the plug-in's settings. Both are disabled by default.
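As an added, defender-side example (not code from heise, Wordfence or the AI Engine project): a WordPress must-use plugin that hooks core's `set_user_role` action to flag the kind of change described above, a promotion to administrator performed by an actor who lacks the `promote_users` capability. The plugin name, the `rem_` function and the user-meta key are made up for this example; it only records and alerts after the fact and does not replace updating to 2.8.4.

```php
<?php
/**
 * Plugin Name: Role Escalation Monitor (constructed example)
 * Description: Logs and alerts on promotions to administrator carried out by an
 *              actor who lacks the promote_users capability.
 * Install:     copy into wp-content/mu-plugins/ (must-use plugins load automatically).
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Core fires this action from WP_User::set_role() after a role change, passing
// the affected user ID, the new role and the roles held before the change.
add_action( 'set_user_role', 'rem_check_role_escalation', 10, 3 );

function rem_check_role_escalation( $user_id, $new_role, $old_roles ) {
    // Only promotions *into* administrator are of interest here.
    if ( 'administrator' !== $new_role || in_array( 'administrator', (array) $old_roles, true ) ) {
        return;
    }

    // The actor is whoever is logged in for this request; 0 means no WordPress
    // session (WP-CLI, cron, or a code path that never authenticated a user).
    $actor_id = get_current_user_id();

    // A legitimate promotion comes from an account that is allowed to promote users.
    if ( $actor_id && user_can( $actor_id, 'promote_users' ) ) {
        return;
    }

    $message = sprintf(
        'User %d was promoted to administrator by actor %d (previous roles: %s) via %s %s',
        $user_id,
        $actor_id,
        implode( ',', (array) $old_roles ) ?: 'none',
        $_SERVER['REQUEST_METHOD'] ?? 'CLI',
        $_SERVER['REQUEST_URI'] ?? '-'
    );

    // Leave an audit trail in the PHP error log and on the affected account.
    error_log( '[role-escalation-monitor] ' . $message );
    update_user_meta( $user_id, 'rem_suspicious_promotion', array(
        'actor' => $actor_id,
        'time'  => time(),
        'note'  => $message,
    ) );

    // Alert the site administrator so the change can be reviewed and reverted.
    wp_mail(
        get_option( 'admin_email' ),
        sprintf( '[%s] Suspicious promotion to administrator', get_bloginfo( 'name' ) ),
        $message
    );
}
```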
Version 2.8.4 of AI Engine, available since Wednesday of this week, closes the security hole. Anyone running the plug-in on a WordPress instance should install the update as soon as possible.
In mid-May, security vulnerabilities in the plug-in TheGem became known that compromised more than 82,000 WordPress sites, allowing attackers to inject malicious code. An update is now available. This was not initially the case for a vulnerability in TI WooCommerce Wishlist at the end of May, which also allowed malicious actors to upload malicious code. The vulnerability, classified as “critical” with the maximum CVSS score of 10.0 out of 10 possible points, was present in version 2.9.2 of the WordPress plug-in. Version 2.10.0 of the plug-in is now available and, according to Patchstack, is intended to patch the vulnerability.
(dmk)