WordPress Plugin AI Engine: Attackers could escalate privileges
In the WordPress plugin AI Engine, attackers can exploit a vulnerability to compromise websites.
(Image: Postmodern Studio/Shutterstock.com)
A security vulnerability exists in the WordPress plugin AI Engine, which can allow attackers to escalate privileges up to the point of compromising the WordPress instance. An update for the plugin, which is used on more than 100,000 websites, is available.
According to the plugin description, AI Engine is used to build chatbots, generate content and AI forms, and automate tasks with AI models. Security researchers at Wordfence now warn of a vulnerability that allows attackers without prior authentication to read the so-called "Bearer Token" and thereby gain full access to the MCP (Model Context Protocol) interface used for AI integration. This can be achieved, for example, by accessing the REST API endpoint "/mcp/v1/".
Potential Attacks
With that token, attackers can send commands to the MCP interface, which executes them. One example is "wp_update_user", with which malicious actors can raise their own privileges, for instance to administrator, and thus take over the WordPress instance. Wordfence does mention a small limitation: the vulnerability only exists if the "No-Auth URL" option is activated in the MCP settings, which is not the case by default (CVE-2025-11749, CVSS 9.8, risk "critical").
Wordfence's analysis goes into more detail for those interested. Important for admins to know: AI Engine versions up to and including 3.1.3 are affected; version 3.1.4 and newer close the security vulnerability.
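For admins who want to check their own installation against the details above, here is an added triage helper; it is not code from heise, Wordfence or the plugin. It checks whether an installed AI Engine version falls in the affected range (up to and including 3.1.3) and scans access-log lines for requests to the MCP endpoint "/mcp/v1/". The log lines are constructed samples in Apache combined format, and the "/wp-json/" REST prefix in front of the route is an assumption.

```python
"""Triage helper for the AI Engine advisory (CVE-2025-11749).

Added example: version check plus access-log scan for the MCP endpoint.
The sample log lines are constructed; the "/wp-json/" prefix is assumed.
"""
import re
from typing import Iterable, List, Tuple

FIXED_VERSION = (3, 1, 4)        # first release that closes the hole
MCP_PATH = "/mcp/v1/"            # REST endpoint named in the advisory

# Apache combined log format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_version(version: str) -> Tuple[int, ...]:
    """'3.1.10' -> (3, 1, 10). Tuple comparison avoids the string trap
    where '3.1.10' < '3.1.3' would wrongly mark a patched site as affected."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_affected(version: str) -> bool:
    """True for every release older than the fixed version 3.1.4."""
    return parse_version(version) < FIXED_VERSION


def mcp_requests(lines: Iterable[str]) -> List[Tuple[str, str, str, int]]:
    """Return (ip, method, path, status) for each request that hit the MCP route.
    Successful (2xx) hits on a site with "No-Auth URL" enabled deserve a closer
    look, since the token read described in the advisory needs no login."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if match and MCP_PATH in match.group("path"):
            hits.append((match.group("ip"), match.group("method"),
                         match.group("path"), int(match.group("status"))))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2025:09:14:03 +0000] "POST /wp-json/mcp/v1/ HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '198.51.100.2 - - [12/Nov/2025:09:14:10 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2025:09:14:12 +0000] "POST /wp-json/mcp/v1/ HTTP/1.1" 200 640 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    for v in ("3.1.3", "3.1.4", "3.1.10"):
        print(v, "affected" if is_affected(v) else "patched")
    for hit in mcp_requests(SAMPLE_LOG):
        print("MCP hit:", hit)
```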
On Tuesday of this week, attacks on a security vulnerability in the popular WordPress plugin Post SMTP became known. It is used on more than 400,000 WordPress instances, and malicious actors can exploit the vulnerability to ultimately take them over. Here, too, an updated plugin version is available that closes the security hole.
(dmk)