{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11749", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-14T15:04:46.388Z", "datePublished": "2025-11-05T05:31:25.156Z", "dateUpdated": "2026-04-08T16:33:50.495Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:33:50.495Z"}, "affected": [{"vendor": "tigroumeow", "product": "AI Engine \u2013 The Chatbot, AI Framework & MCP for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.1.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation."}], "title": "AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06eaf624-aedf-453d-8457-d03a572fac0d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-engine/trunk/labs/mcp.php#L226"}, {"url": "https://plugins.trac.wordpress.org/changeset/3380753/ai-engine#file10"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Emiliano Versini"}], "timeline": [{"time": "2025-10-14T15:20:01.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-04T17:19:25.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-05T14:18:09.578670Z", "id": "CVE-2025-11749", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T14:39:43.748Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11749", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-05T14:18:09.578670Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T14:18:11.780Z"}}], "cna": {"title": "AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Emiliano Versini"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "tigroumeow", "product": "AI Engine", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.1.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-14T15:20:01.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-11-04T17:19:25.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06eaf624-aedf-453d-8457-d03a572fac0d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-engine/trunk/labs/mcp.php#L226"}, {"url": "https://plugins.trac.wordpress.org/changeset/3380753/ai-engine#file10"}], "descriptions": [{"lang": "en", "value": "The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-11-05T05:31:25.156Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11749", "state": "PUBLISHED", "dateUpdated": "2025-11-05T14:39:43.748Z", "dateReserved": "2025-10-14T15:04:46.388Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-05T05:31:25.156Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation."}], "id": "CVE-2025-11749", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-05T06:15:33.097", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ai-engine/trunk/labs/mcp.php#L226"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3380753/ai-engine#file10"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06eaf624-aedf-453d-8457-d03a572fac0d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T22:58:25.435933+00:00", "value": {"mitigation_remediation": ["Apply the latest AI Engine plugin release that removes the token exposure (any version newer than 3.1.3).", "If an update is not possible immediately, disable the No-Auth URL option or otherwise restrict the /mcp/v1/ endpoint to require authentication. ", "If disabling the option is not feasible, configure the web server or firewall to allow access to the /mcp/v1/ endpoint only from trusted IP addresses, ensuring that only authorized users can reach it."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the AI Engine \u2013 The Chatbot, AI Framework & MCP for WordPress plugin from the vendors tigroumeow, for all releases up to and including version 3.1.3.", "description_and_impact": "The AI Engine plugin for WordPress has an insecure REST API endpoint at /mcp/v1/ that, when the No- Auth URL option is enabled, returns a bearer token to anyone who can access the endpoint. An unauthenticated attacker can retrieve this token, which can be used to impersonate an authenticated session and perform privileged actions such as creating an administrator account. This vulnerability is a Sensitive Data Exposure (CWE\u2011200) that leads directly to privilege escalation.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a critical severity, and the EPSS score of 84% suggests a high likelihood of exploitation. Because the flaw is exploitable via a remote, unauthenticated REST API call, an attacker with internet access could obtain the bearer token immediately. The vulnerability is not yet listed in the CISA KEV catalog."}}}}, "created": "2025-11-05T10:47:01.397522+00:00", "updated": "2026-04-27T23:00:13.996344+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}