CVE-2025-11749
published 2025-11-05


Priority: P1 · 91 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW / Exploit: VulnCheck KEV, exploited in the wild
EPSS: 75.76% (99.5th percentile)
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.

Detection & IOCs (extracted from sources)

url: /wp-json/mcp/v1/
url: /?rest_route=/mcp/v1/
url: /mcp/v1/
path: /wp-content/plugins/ai-engine/
  • Monitor for unauthenticated requests to both the /wp-json/mcp/v1/ and /?rest_route=/mcp/v1/ REST API endpoints on WordPress sites running the AI Engine plugin <= 3.1.3, especially when followed by administrator account creation activity.
  • Use Shodan/ZoomEye to identify exposed WordPress instances with the AI Engine plugin installed by searching for the string /wp-content/plugins/ai-engine/ in page HTML.
  • The bearer token is only exposed when the 'No-Auth URL' feature is explicitly enabled in the AI Engine plugin configuration. Instances with this feature disabled are not vulnerable to token exposure via this endpoint.
  • The vulnerability affects all AI Engine plugin versions up to and including 3.1.3; version 3.1.4 or later contains the fix.
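As an added detection example (not code from the page or from the plugin vendor), the Python below applies the first monitoring bullet to constructed combined-format access-log lines: it records requests to either URL form of the MCP endpoint and flags any source address that goes on to POST to an account-creation path within an hour. The account-creation paths (/wp-json/wp/v2/users, /wp-admin/user-new.php), the one-hour window and the use of a non-error status as a sign that the endpoint exists are assumptions to adjust for your own site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Both URL forms of the AI Engine MCP endpoint listed in the IOCs above.
MCP_PATHS = ("/wp-json/mcp/v1/", "/?rest_route=/mcp/v1/")
# Assumed paths where a new account is created; adjust to what your site logs.
USER_CREATE_PATHS = ("/wp-json/wp/v2/users", "/wp-admin/user-new.php")
WINDOW = timedelta(hours=1)  # assumed correlation window

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Nov/2025:10:00:01 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Nov/2025:10:03:40 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 201 210',
    '198.51.100.9 - - [05/Nov/2025:10:05:00 +0000] "GET /?rest_route=/mcp/v1/ HTTP/1.1" 404 0',
    '198.51.100.9 - - [05/Nov/2025:10:06:00 +0000] "POST /wp-admin/user-new.php HTTP/1.1" 302 0',
    '192.0.2.44 - - [05/Nov/2025:11:20:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900',
]

def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def find_token_then_admin(lines):
    """Return (ip, probe_time, create_time) for each source whose MCP endpoint
    request (non-error status) is followed within WINDOW by an account-creation POST."""
    probes = defaultdict(list)  # ip -> timestamps of MCP endpoint requests
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if status < 400 and path.startswith(MCP_PATHS):
            probes[ip].append(ts)
        elif method == "POST" and path.split("?")[0] in USER_CREATE_PATHS:
            for t in probes[ip]:
                if timedelta(0) <= ts - t <= WINDOW:
                    hits.append((ip, t, ts))
                    break
    return hits

if __name__ == "__main__":
    for ip, probe, create in find_token_then_admin(SAMPLE_LOG):
        print(f"ALERT {ip}: MCP endpoint read at {probe}, account creation at {create}")
```

The 404 from 198.51.100.9 is deliberately not correlated, since an absent endpoint cannot have leaked a token; on a real site, feed the function your web server's access log line by line.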

CVSS provenance

NVD: v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL