AI Engine WordPress Plugin Exposes 100,000 WordPress Sites To...


A critical security vulnerability in the AI Engine WordPress plugin has put more than 100,000 active installations at risk of privilege escalation attacks.

The flaw, tracked as CVE-2025-11749 with a CVSS score of 9.8, allows unauthenticated attackers to extract bearer tokens and gain complete administrative control over vulnerable WordPress sites.

Security researcher Emiliano Versini discovered the vulnerability on October 4, 2025, and responsibly reported it through the Wordfence Bug Bounty Program, earning a bounty of $2,145.

The vulnerability centers on a sensitive information exposure issue that affects all versions of AI Engine up to and including 3.1.3.

When site administrators enable the ‘No-Auth URL’ feature in the Model Context Protocol (MCP) settings, the plugin inadvertently exposes bearer tokens through the /wp-json/ REST API index.

These tokens serve as authentication credentials for the MCP integration, which enables AI agents like Claude and ChatGPT to control WordPress websites by executing commands, managing media files, and editing user accounts.

Wordfence researchers identified the root cause in the plugin’s REST API route registration process.

The vulnerable code registers the No-Auth URL route without setting the ‘show_in_index’ argument to false. WordPress defaults that argument to true, so the route, whose path contains the bearer token itself, is listed in the REST API index returned by GET /wp-json/ to any anonymous visitor.
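The registration pattern at issue, as an added illustration that is not the plugin's code: the namespace ‘example-ai/v1’, the option name ‘example_ai_noauth_token’ and the callback names are assumptions, and the snippet is meant to run inside WordPress, where register_rest_route is a core function. A No-Auth URL makes the URL itself the credential: the token is a segment of the route path, and the permission callback admits every request because matching the path already proves possession of the token. The vulnerable form leaves ‘show_in_index’ at its default; the hardened form sets it to false.

```php
<?php
/*
 * Added illustration of the route-registration pattern, not code from the
 * AI Engine plugin. Namespace, option name and callback names are assumptions.
 * Runs inside WordPress (register_rest_route, get_option, add_action are core).
 */

function example_ai_mcp_handle( WP_REST_Request $request ) {
    // Hypothetical handler: a real MCP endpoint would dispatch the JSON body here.
    return rest_ensure_response( array( 'ok' => true ) );
}

// VULNERABLE: nothing hides this route from the index. WP_REST_Server::get_routes()
// defaults 'show_in_index' to true, so GET /wp-json/ lists
// "/example-ai/v1/mcp/<token>/mcp" for every anonymous visitor, leaking the token.
function example_ai_register_noauth_route_vulnerable() {
    $token = get_option( 'example_ai_noauth_token' );
    register_rest_route( 'example-ai/v1', '/mcp/' . preg_quote( $token ) . '/mcp', array(
        'methods'             => WP_REST_Server::ALLMETHODS,
        'callback'            => 'example_ai_mcp_handle',
        // Anyone who knows the URL is authorised: the token in the path is the credential.
        'permission_callback' => '__return_true',
    ) );
}

// HARDENED: the same route, kept out of the REST index. The URL is still a
// bearer secret and must be handled like a password (it can also leak through
// access logs and Referer headers), but it is no longer published to the world.
function example_ai_register_noauth_route_hardened() {
    $token = get_option( 'example_ai_noauth_token' );
    if ( empty( $token ) ) {
        return; // Feature disabled: register nothing rather than an empty-token route.
    }
    // Route strings are matched as regular expressions, so quote the token.
    register_rest_route( 'example-ai/v1', '/mcp/' . preg_quote( $token ) . '/mcp', array(
        'methods'             => WP_REST_Server::ALLMETHODS,
        'callback'            => 'example_ai_mcp_handle',
        'permission_callback' => '__return_true',
        'show_in_index'       => false, // keep the token-bearing path out of /wp-json/
    ) );
}

add_action( 'rest_api_init', 'example_ai_register_noauth_route_hardened' );
```

Setting ‘show_in_index’ only removes the route from the published index; it does not change who may call it. Whether an unguessable path is an acceptable credential at all is a separate design question, which is why the hardened form also refuses to register the route when no token is configured.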

Once attackers extract the exposed bearer token from the API index, they can authenticate themselves to the MCP endpoint and execute commands such as ‘wp_update_user’ to escalate their privileges to administrator level.
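A check for the exposure described above, as an added example that is not from the advisory or the plugin: it walks the JSON that GET /wp-json/ returns, where every indexed route is a key of the "routes" object, and reports routes whose path carries a credential-like segment. The sample index, its ‘example-ai/v1’ namespace and its token are constructed for illustration; the script needs PHP 8.0 or later for str_starts_with.

```php
<?php
/*
 * Added example, not from the advisory or the plugin: scan a WordPress REST
 * index for routes whose path embeds a credential-like segment. The sample
 * index below is constructed; the namespace and token in it are made up.
 */

/**
 * Return [route => suspicious segment] for every indexed route that contains a
 * segment of 24 or more hex / URL-safe alphanumeric characters. WordPress route
 * parameters such as (?P<id>[\d]+) begin with "(" and are skipped.
 */
function find_secret_bearing_routes( array $index ): array {
    $hits = array();
    foreach ( array_keys( $index['routes'] ?? array() ) as $route ) {
        foreach ( explode( '/', $route ) as $segment ) {
            if ( str_starts_with( $segment, '(' ) ) {
                continue;
            }
            if ( preg_match( '/^[A-Za-z0-9_-]{24,}$/', $segment ) ) {
                $hits[ $route ] = $segment;
                break;
            }
        }
    }
    return $hits;
}

// Constructed sample index: two ordinary core routes plus one route whose path
// embeds a made-up 32-character token, the shape of leak described above.
$sample_index = json_decode( '{
  "routes": {
    "/wp/v2/posts": {},
    "/wp/v2/posts/(?P<id>[\\\\d]+)": {},
    "/example-ai/v1/mcp/0f3c9a7e2b1d4c6e8a5b7d9f1e3c5a7b/mcp": {}
  }
}', true );

// Usage: php check-index.php                      -> scans the constructed sample
//        php check-index.php https://site.example -> fetches that site's /wp-json/
$index = $sample_index;
if ( PHP_SAPI === 'cli' && ! empty( $argv[1] ) ) {
    $body  = file_get_contents( rtrim( $argv[1], '/' ) . '/wp-json/' );
    $index = ( false === $body ) ? array() : (array) json_decode( $body, true );
}

$hits = find_secret_bearing_routes( $index );
if ( ! $hits ) {
    echo "No credential-like route segments found in the REST index.\n";
}
foreach ( $hits as $route => $secret ) {
    printf( "Route %s exposes credential-like segment %s\n", $route, $secret );
}
```

The 24-character threshold is a heuristic: it catches the token shapes the advisory describes while ignoring ordinary route words, but a plugin that embeds a shorter or punctuated secret would need the pattern adjusted. A hit on your own site means the path is public and the credential should be rotated after the plugin is updated.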

With administrative access secured, threat actors can upload malicious plugins containing backdoors, modify website content to inject spam, or redirect visitors to harmful sites.

CVE Details

CVE ID: CVE-2025-11749
Severity: CRITICAL (CVSS 9.8)
Affected Product: AI Engine WordPress plugin, all versions up to and including 3.1.3
Impact: sensitive information exposure leading to privilege escalation