The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed on over 100,000 WordPress websites.
The vulnerability, classified as Insufficient Authorization to Privilege Escalation via Model Context Protocol (MCP), carries a CVSS score of 8.8 (High) and has been assigned the identifier CVE-2025-5071.
Affecting versions 2.8.0 to 2.8.3 of the plugin, the flaw allows authenticated attackers with subscriber-level access or higher to gain full control over the MCP module, enabling them to execute powerful commands such as 'wp_update_user'.
This can lead to privilege escalation by modifying user roles to administrator level, posing a significant risk of full site compromise.
Importantly, the issue only affects sites where the Dev Tools and MCP module have been manually enabled in the plugin settings; both are disabled by default.
Critical Vulnerability Discovered in Popular AI Plugin
The technical root of this vulnerability lies in the plugin's inadequate permission checks within the 'can_access_mcp()' function of the Meow_MWAI_Labs_MCP class.
By default, access to MCP endpoints was granted to any logged-in user because the check relied on the 'is_user_logged_in()' condition without any stricter capability check.

Even when Bearer Token authentication was configured, a flaw in the 'auth_via_bearer_token()' function allowed attackers to bypass authentication by simply omitting the token, at which point the code fell back to the default logged-in user access.
This oversight enabled attackers to interact with MCP endpoints and execute commands like 'wp_create_user', 'wp_update_option', 'wp_update_post', and 'wp_delete_comment', which could be exploited for malicious actions including uploading backdoors via plugins or redirecting users to harmful sites.
The potential for such extensive damage underscores the critical nature of this flaw, as administrative access grants full control over a WordPress site's content, settings, and user management.
Swift Patch and Protective Measures Rolled Out
Following the discovery, Wordfence initiated responsible disclosure by contacting the plugin developer, Jordy Meow, on May 21, 2025.
Within an hour, the developer acknowledged the issue, and after receiving full disclosure details, released a patch in version 2.8.4 on June 18, 2025.
The fix modifies the 'can_access_mcp()' function to enforce administrator-level capability checks by default and strengthens the Bearer Token authentication process with strict empty-value validation.
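The vulnerable gate and its hardened form, as an added illustration written for this article and not taken from the AI Engine plugin's source. It models the two weaknesses described above (a logged-in-only check and a bearer-token path that falls through when the header is absent) and one way to close them in the spirit of the 2.8.4 fix. It assumes the WordPress core functions is_user_logged_in(), current_user_can(), get_option() and hash_equals() and the WP_REST_Request::get_header() method; the option name example_mcp_bearer_token and the function names are hypothetical, and the plugin's actual original and patched code is not reproduced here.

```php
<?php
// Added illustration, not the AI Engine plugin's own code.
// Assumed: WordPress core (is_user_logged_in, current_user_can, get_option,
// hash_equals) and a WP_REST_Request $request. The option name and all
// function names below are hypothetical.

// --- Vulnerable pattern (models the behaviour described in the advisory) ---

function vulnerable_auth_via_bearer_token( $request ) {
    $expected = (string) get_option( 'example_mcp_bearer_token', '' ); // hypothetical option
    $header   = (string) $request->get_header( 'authorization' );
    // Bug: a missing header is treated as "no opinion" rather than a failure,
    // so the caller falls back to its default logged-in check.
    if ( '' === $header ) {
        return null;
    }
    $token = trim( str_ireplace( 'Bearer', '', $header ) );
    return hash_equals( $expected, $token );
}

function vulnerable_can_access_mcp( $request ) {
    if ( true === vulnerable_auth_via_bearer_token( $request ) ) {
        return true;
    }
    // Bug: any authenticated session passes, a subscriber included.
    return is_user_logged_in();
}

// --- Hardened pattern ------------------------------------------------------

function hardened_auth_via_bearer_token( $request ) {
    $expected = (string) get_option( 'example_mcp_bearer_token', '' ); // hypothetical option
    $header   = (string) $request->get_header( 'authorization' );
    // An unconfigured token, a missing header, or an empty token is an
    // explicit failure; there is no fall-through.
    if ( '' === $expected || '' === $header ) {
        return false;
    }
    if ( 0 !== stripos( $header, 'Bearer ' ) ) {
        return false;
    }
    $token = trim( substr( $header, 7 ) );
    if ( '' === $token ) {
        return false;
    }
    // Constant-time comparison against the configured secret.
    return hash_equals( $expected, $token );
}

function hardened_can_access_mcp( $request ) {
    // A valid bearer token is a distinct path in; it never relaxes the
    // capability requirement for session-based callers.
    if ( hardened_auth_via_bearer_token( $request ) ) {
        return true;
    }
    // Require an administrator-level capability, not merely a session.
    return is_user_logged_in() && current_user_can( 'manage_options' );
}
```

Wired in as a REST route's permission_callback, the hardened function rejects an absent or empty Authorization header outright and, for session-based callers, demands manage_options rather than any logged-in session, which is what closes the subscriber-level path described above. Whether a valid bearer token alone should suffice, or should also be bound to an administrator account, is a design choice the advisory does not settle; this example treats the token as sufficient, so operators who rely on it should treat the token with the same care as an administrator password.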
According to the report, Wordfence Premium, Care, and Response users received a firewall rule to block exploitation attempts as early as May 22, 2025, while free users will gain the same protection on June 21, 2025. Wordfence commended Meow for the swift action in addressing the vulnerability.
Given the severity of this issue, WordPress administrators are strongly urged to update to AI Engine version 2.8.4 immediately to safeguard their sites.
This vulnerability serves as a stark reminder of the importance of robust permission controls in plugins that expose sensitive functionality such as AI-driven protocols.
Site owners using this plugin should verify their settings, in particular whether the Dev Tools and MCP module are enabled, and ensure the update is applied to mitigate the risk of unauthorized access and potential site takeover by malicious actors.
Sharing this information with peers who may use the AI Engine plugin is also advisable to maintain broader community security.