The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed on over 100,000 WordPress websites.
The vulnerability, classified as Insufficient Authorization to Privilege Escalation via Model Context Protocol (MCP), carries a CVSS score of 8.8 (High) and has been assigned the identifier CVE-2025-5071.
Affecting versions 2.8.0 through 2.8.3 of the plugin, the flaw allows authenticated attackers with Subscriber-level access or higher to gain full control over the MCP module, enabling them to execute critical commands such as 'wp_update_user'.
This can result in privilege escalation by changing a user's role to Administrator, posing a significant risk of full site compromise.
Importantly, the issue only affects sites whose owners have manually enabled the Dev Tools and MCP module in the plugin settings; both are disabled by default.
Critical Vulnerability Uncovered in Popular AI Plugin
The technical root of this vulnerability lies in the plugin's inadequate permission checks within the 'can_access_mcp()' function of the Meow_MWAI_Labs_MCP class.
By default, access to MCP endpoints was granted to any logged-in user because the function relied on the 'is_user_logged_in()' condition alone, without a stricter capability check such as one for Administrator-level permissions.

Even when Bearer Token authentication was configured, a flaw in the 'auth_via_bearer_token()' function allowed attackers to bypass it simply by omitting the token: instead of failing closed, the check fell back to the default logged-in-user access.
This oversight enabled attackers to interact with the MCP endpoints and execute commands such as 'wp_create_user', 'wp_update_option', 'wp_update_post', and 'wp_delete_comment', which could be abused for malicious actions including uploading backdoors via plugins or redirecting visitors to harmful sites.
The potential for such extensive damage underscores the critical nature of this flaw, since administrative access grants full control over a WordPress site's content, settings, and user management.
Swift Patch and Security Measures Rolled Out
In response to the discovery, Wordfence initiated responsible disclosure by contacting the plugin developer, Jordy Meow, on May 21, 2025.
Within an hour the developer acknowledged the issue and, after receiving the full disclosure details, released a patch in version 2.8.4 on June 18, 2025.
The fix modifies the 'can_access_mcp()' function to enforce an Administrator-level capability check by default and strengthens the Bearer Token authentication process with strict empty-value validation, so that a missing or empty token is rejected rather than silently falling back.
According to the report, Wordfence Premium, Care, and Response users received a firewall rule blocking exploitation attempts as early as May 22, 2025, while free users will receive the same protection on June 21, 2025. Wordfence commended Meow for the swift response in addressing the vulnerability.
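To make the root cause and the fix concrete, the following PHP sketch places the weak access check described above beside a hardened version in the spirit of the 2.8.4 patch. It is an added illustration written for this article, not the AI Engine plugin's actual source: the class name Meow_MWAI_Labs_MCP and the method names 'can_access_mcp()' and 'auth_via_bearer_token()' come from the advisory, while the method bodies, the option name 'mwai_mcp_bearer_token' and the helper 'mwai_mcp_bearer_from_request()' are assumptions made for the example. The WordPress functions it calls ('is_user_logged_in()', 'current_user_can()', 'get_option()', 'wp_unslash()') are real core APIs.

```php
<?php
// Added illustration for this article, not the AI Engine plugin's own code.
// Class and method names follow the advisory; bodies, the option name
// 'mwai_mcp_bearer_token' and the helper below are assumptions.

// Assumed helper: returns the Bearer token from the Authorization header,
// or an empty string when the header is absent or is not a Bearer scheme.
function mwai_mcp_bearer_from_request(): string {
    $header = isset( $_SERVER['HTTP_AUTHORIZATION'] )
        ? (string) wp_unslash( $_SERVER['HTTP_AUTHORIZATION'] )
        : '';
    if ( stripos( $header, 'Bearer ' ) !== 0 ) {
        return '';
    }
    return trim( substr( $header, 7 ) );
}

// WEAK pattern (what the advisory describes for 2.8.0 - 2.8.3):
//  - an omitted token is treated as "not attempted" rather than as a failure;
//  - the fallback is a bare is_user_logged_in(), so a Subscriber passes.
class Meow_MWAI_Labs_MCP_Weak {
    public function auth_via_bearer_token(): bool {
        $expected = (string) get_option( 'mwai_mcp_bearer_token', '' ); // assumed option name
        $provided = mwai_mcp_bearer_from_request();
        if ( $provided === '' ) {
            return false; // no token sent: caller silently falls back below
        }
        return hash_equals( $expected, $provided );
    }

    public function can_access_mcp(): bool {
        if ( $this->auth_via_bearer_token() ) {
            return true;
        }
        // Any authenticated account, including Subscriber, reaches the MCP endpoints.
        return is_user_logged_in();
    }
}

// HARDENED pattern (the shape of the 2.8.4 fix as reported):
//  - empty secret or empty token fails closed, never compares equal;
//  - when a token is configured, the session path is not a fallback for it;
//  - the session path requires an Administrator-level capability.
class Meow_MWAI_Labs_MCP_Hardened {
    private function configured_token(): string {
        return (string) get_option( 'mwai_mcp_bearer_token', '' ); // assumed option name
    }

    public function auth_via_bearer_token(): bool {
        $expected = $this->configured_token();
        $provided = mwai_mcp_bearer_from_request();
        // Strict empty-value validation: an unset secret or a missing header
        // must never authenticate, regardless of what the other side holds.
        if ( $expected === '' || $provided === '' ) {
            return false;
        }
        return hash_equals( $expected, $provided );
    }

    public function can_access_mcp(): bool {
        // Token configured: only a correct token is accepted on this path.
        if ( $this->configured_token() !== '' ) {
            return $this->auth_via_bearer_token();
        }
        // No token configured: require a logged-in Administrator-level account.
        // 'manage_options' is the core capability held by Administrators.
        return is_user_logged_in() && current_user_can( 'manage_options' );
    }
}
```

Two design points matter here. First, a missing credential must be an explicit denial, not a signal to try a weaker check; the weak class turns "no Authorization header" into "fall through to any logged-in user", which is exactly the bypass the advisory describes. Second, 'is_user_logged_in()' only proves a session exists, so a capability check such as 'current_user_can( 'manage_options' )' is the WordPress-idiomatic way to gate functionality that can create users, change options, or edit posts.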
Given the severity of the issue, WordPress administrators are strongly urged to update to AI Engine version 2.8.4 immediately to safeguard their sites.
The vulnerability is a stark reminder of the importance of robust permission controls in plugins that expose sensitive functionality such as AI-driven protocols.
Site owners using this plugin should check whether the Dev Tools and MCP module are enabled, and ensure the update is applied to mitigate the risk of unauthorized access and potential site takeover.
Sharing this information with peers who may use the AI Engine plugin is also recommended to maintain broader community security.