CVE-2025-11749
Published 2025-11-05
CVE-2025-11749: The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API…
Priority: P1 · 91 · critical · 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 75.76% (99.5th percentile)
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated requests to both /wp-json/mcp/v1/ and /?rest_route=/mcp/v1/ REST API endpoints on WordPress sites running the AI Engine plugin <= 3.1.3, especially when followed by administrator account creation activity.
- Use Shodan/ZoomEye to identify exposed WordPress instances with the AI Engine plugin installed by searching for the string /wp-content/plugins/ai-engine/ in page HTML.
- The bearer token is only exposed when the 'No-Auth URL' feature is explicitly enabled in the AI Engine plugin configuration. Instances with this feature disabled are not vulnerable to token exposure via this endpoint.
- The vulnerability affects all AI Engine plugin versions up to and including 3.1.3; version 3.1.4 or later contains the fix.
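The monitoring item above, as an added example that is not from this page or any of the listed sources: it parses constructed web-server access-log lines, keeps served requests to either URL form of the MCP endpoint, and pairs each one with a later administrator-creation audit event from the same client IP inside a time window. The log layout, the audit-event fields, and all IPs, usernames and timestamps are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Both endpoint forms named on this page; the rest_route form may arrive URL-encoded.
MCP_PATH = re.compile(r"^/wp-json/mcp/v1/|^/\?rest_route=(?:/|%2F)mcp(?:/|%2F)v1", re.I)
# Combined access-log layout (assumption: Apache/nginx style, client IP first).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample access-log lines, not taken from any real site.
SAMPLE_ACCESS = [
    '203.0.113.7 - - [05/Nov/2025:10:00:01 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Nov/2025:10:00:30 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 403 0',
    '198.51.100.9 - - [05/Nov/2025:10:01:10 +0000] "GET /?rest_route=%2Fmcp%2Fv1%2F HTTP/1.1" 200 498',
    '192.0.2.5 - - [05/Nov/2025:10:02:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048',
]
# Constructed WordPress audit events (user created, with assigned role and source IP).
SAMPLE_ADMIN_EVENTS = [
    {"ts": datetime(2025, 11, 5, 10, 4, 0, tzinfo=timezone.utc), "ip": "203.0.113.7",
     "user": "wpadmin2", "role": "administrator"},
    {"ts": datetime(2025, 11, 5, 12, 0, 0, tzinfo=timezone.utc), "ip": "198.51.100.9",
     "user": "editor1", "role": "editor"},
]

def parse_access_line(line):
    """Parse one access-log line into a dict, or None if it does not match the layout."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": m["path"], "status": int(m["status"])}

def mcp_hits(access_lines):
    """Served (HTTP 200) requests to the AI Engine MCP endpoint in either URL form."""
    recs = (parse_access_line(l) for l in access_lines)
    return [r for r in recs if r and r["status"] == 200 and MCP_PATH.search(r["path"])]

def correlate(access_lines, admin_events, window=timedelta(minutes=30)):
    """Pair each MCP hit with a later administrator-creation event from the same IP."""
    alerts = []
    for hit in mcp_hits(access_lines):
        for ev in admin_events:
            if (ev["ip"] == hit["ip"] and ev["role"] == "administrator"
                    and hit["ts"] <= ev["ts"] <= hit["ts"] + window):
                alerts.append({"ip": hit["ip"], "mcp_path": hit["path"], "new_user": ev["user"],
                               "seconds_after_hit": int((ev["ts"] - hit["ts"]).total_seconds())})
    return alerts
```

A lone hit on the endpoint is expected noise from scanners; the pairing with a fresh administrator account from the same source is what makes an alert worth paging on.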
CVSS provenance
NVD (v3.1): 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL
GHSA
GHSA-q6x7-qqgq-h832 · ghsa_unreviewed · 2025-11-05 · CVE-2025-11749 [CRITICAL] · CWE-200
VulnCheck
CVE-2025-11749 [CRITICAL] · meowapps ai_engine: Exposure of Sensitive Information to an Unauthorized Actor · vulncheck · 2025 · CVSS 9.8
Affected: meowapps ai_engine
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/
No detection rules found.
Metasploit
WordPress AI Engine Plugin MCP Unauthenticated Admin Creation to RCE (metasploit)
This module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin (versions <= 3.1.3). The vulnerability allows an attacker to create an administrator account via the MCP (Model Context Protocol) endpoint without authentication. The module supports both `/wp-json/mcp/v1/` and `/?rest_route=/mcp/v1/` endpoints. Once an administrator account is created, the module uploads and executes a malicious plugin to achieve remote code execution (RCE).
Nuclei
CVE-2025-11749 [CRITICAL] WordPress AI Engine Plugin - Token Exposure · nuclei · CVSS 9.8
Unauthenticated sensitive information exposure in AI Engine WordPress plugin <= 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled.
Template:
id: CVE-2025-11749
info:
  name: WordPress AI Engine Plugin - Token Exposure
  author: 4m3rr0r
  severity: critical
  description: |
    Unauthenticated sensitive information exposure in AI Engine WordPress plugin <= 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled.
  impact: |
    Unauthenticated attackers can retrieve sensitive bearer tokens from AI Engine WordPress plugin through exposed REST API endpoints, potentially allowing privilege escalation and unauthorized access to AI service credentials.
  remediation: |
    Upgrade to AI Engine version 3.1.4 or later that
GreyNoise
NoiseLetter December 2025 · blogs_greynoiseio
Bugzilla
CVE-2024-53382 [MEDIUM] prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin · bugzilla · 2025-03-03 · CVSS 5.4
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
Discussion:
This issue has been addressed in the following products:
Red Hat Ceph Storage 8.1
Via RHSA-2025:11749 https://access.redhat.com/errata/RHSA-2025:11749
---
This issue has been addressed in the following products:
Red Hat Ceph Storage 7.1
Via RHSA-2025:11889 https://access.redhat.com/errata/RHSA-2025:11889
Bugzilla
CVE-2025-22865 [HIGH] crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509 · bugzilla · 2025-01-28 · CVSS 7.5
Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed.
Discussion:
This issue has been addressed in the following products:
Red Hat Ceph Storage 8.1
Via RHSA-2025:11749 https://access.redhat.com/errata/RHSA-2025:11749
---
This issue has been addressed in the following products:
Red Hat Ceph Storage 7.1
Via RHSA-2025:11889 https://access.redhat.com/errata/RHSA-2025:11889