{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5570", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-03T20:33:41.338Z", "datePublished": "2025-07-08T01:43:47.424Z", "dateUpdated": "2026-04-08T17:12:48.771Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:48.771Z"}, "affected": [{"vendor": "tigroumeow", "product": "AI Engine \u2013 The Chatbot, AI Framework & MCP for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.8.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a32dcf96-ec75-46b1-8f1d-608411ad5147?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.2/classes/modules/chatbot.php#L617"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "timeline": [{"time": "2025-05-28T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-07-03T11:37:08.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-07-07T12:13:01.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T14:27:48.573365Z", "id": "CVE-2025-5570", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T16:12:46.075Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5570", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-08T14:27:48.573365Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T14:27:53.009Z"}}], "cna": {"title": "AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "tigroumeow", "product": "AI Engine \u2013 The Chatbot, AI Framework & MCP for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.8.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-28T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-07-03T11:37:08.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-07-07T12:13:01.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a32dcf96-ec75-46b1-8f1d-608411ad5147?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.2/classes/modules/chatbot.php#L617"}], "descriptions": [{"lang": "en", "value": "The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:48.771Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5570", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:12:48.771Z", "dateReserved": "2025-06-03T20:33:41.338Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-08T01:43:47.424Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:meowapps:ai_engine:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "769DE550-310A-4B5F-8BFF-B1315D5BFBF3", "versionEndExcluding": "2.8.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento AI Engine para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del par\u00e1metro 'id' del shortcode mwai_chatbot en todas las versiones hasta la 2.8.4 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-5570", "lastModified": "2025-08-13T19:31:29.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-07-08T03:15:30.423", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.2/classes/modules/chatbot.php#L617"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a32dcf96-ec75-46b1-8f1d-608411ad5147?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:50:49.508972+00:00", "value": {"mitigation_remediation": ["Update the AI Engine plugin to a version newer than 2.8.4 that contains the XSS fix.", "Remove or disable the mwai_chatbot shortcode from content that is accessible to users with Subscriber or lower privileges.", "Add a Content Security Policy that blocks execution of inline scripts to mitigate any remaining XSS risk."], "summary": {"action": "Patch Immediately", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "All installations of the AI Engine \u2013 The Chatbot, AI Framework & MCP for WordPress up to and including version 2.8.4 are affected. This includes any WordPress sites that have placed the mwai_chatbot shortcode on a page or post and have enabled it for users with Subscriber or higher roles. Any WordPress site that installs this plugin within the specified version range is at risk.", "description_and_impact": "The AI Engine plugin for WordPress contains a stored cross\u2011site scripting flaw that is triggered when an authenticated user supplies a malicious value to the 'id' parameter of the mwai_chatbot shortcode. The lack of input sanitization and output escaping permits arbitrary JavaScript to be saved to a page, which is then executed whenever that page is viewed by any site visitor. An attacker with at least Subscriber privileges can thus inject scripts that can deface the site, steal credentials, or facilitate further malicious activity.", "risk_and_exploitability": "The CVSS score of 5.4 classifies the issue as medium severity, and the EPSS score of less than 1% suggests a low probability of widespread exploitation at this time. The vulnerability is not listed in CISA\u2019s KEV catalog, so there are currently no documented active exploits. However, because the flaw allows stored malicious scripts, a credentialed attacker who can add or edit content can permanently compromise the user experience. The attack vector is via legitimate authenticated access; a malicious Subscriber can inject payloads that persist across all viewers of the affected page."}}}}, "created": "2025-07-13T21:47:09.171271+00:00", "updated": "2026-04-21T20:00:25.893871+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}