Critical Vulnerability in AI Engine WordPress Plugin Exposes Sites to Privilege Escalation Attacks CVE-2025-11749 (CVSS 9.8)
Key Takeaways:
- A critical vulnerability (CVE-2025-11749, CVSS 9.8) affects the AI Engine WordPress plugin.
- Over 100,000 active installations are at risk of privilege escalation.
- Update to version 3.1.4 or later immediately and rotate bearer tokens.
- Monitor for suspicious activity and implement a Web Application Firewall (WAF).
Table of Contents:
- AI Engine WordPress Plugin Vulnerability: CVE-2025-11749
- Technical Details and Impact
- Responsible Disclosure and Patching
- Actionable Steps for Mitigation
- Impact on Technical and Non-Technical Stakeholders
- How PurpleOps Can Help
- FAQ
AI Engine WordPress Plugin Vulnerability: CVE-2025-11749
A critical vulnerability, identified as CVE-2025-11749 (CVSS 9.8), has been discovered in the AI Engine WordPress plugin. This flaw poses a significant risk to over 100,000 active WordPress installations, potentially allowing unauthenticated attackers to escalate privileges and gain administrative control. This blog post examines the details of this vulnerability, its potential impact, and the necessary steps to mitigate the risk.
The AI Engine plugin integrates the Model Context Protocol (MCP) with AI agents such as Claude and ChatGPT, enabling them to manage WordPress tasks such as user modifications, media handling, and post editing. The vulnerability arises from improper REST API endpoint registration within the plugin’s Meow_MWAI_Labs_MCP class.
When the “No-Auth URL” feature is enabled (a setting that is disabled by default), the plugin registers REST API routes that include the bearer token directly in the endpoint path. Critically, these endpoints are registered without setting the show_in_index parameter to false, so they are publicly listed in the WordPress REST API index at /wp-json/. This design flaw exposes the bearer token to any unauthenticated attacker querying the REST API.
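To make the registration flaw concrete, here is the weak pattern the advisory describes next to a hardened form. This is an added illustration, not the AI Engine plugin's own code; the namespace, route names, option name, handler function and the sample token are assumed placeholders.

```php
<?php
// Added example (not AI Engine code). Constructed sample token standing in
// for the plugin's "No-Auth URL" secret.
$token = 'EXAMPLE_TOKEN_NOT_A_REAL_SECRET';

// Weak pattern: the secret is a literal path segment and show_in_index is
// left at its WordPress default (true), so the full route, token included,
// is advertised in the public index at /wp-json/.
add_action( 'rest_api_init', function () use ( $token ) {
    register_rest_route( 'example-plugin/v1', '/mcp/' . $token, array(
        'methods'             => 'POST',
        'callback'            => 'example_handle_mcp_request',
        'permission_callback' => '__return_true', // the URL secret is the only "auth"
    ) );
} );

// Hardened pattern: no secret in the path, a permission_callback that checks
// an Authorization: Bearer header against a stored value in constant time,
// and show_in_index => false so the route is not listed in the index at all.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-plugin/v1', '/mcp', array(
        'methods'             => 'POST',
        'callback'            => 'example_handle_mcp_request',
        'permission_callback' => 'example_check_bearer_token',
        'show_in_index'       => false,
    ) );
} );

function example_check_bearer_token( WP_REST_Request $request ) {
    $header   = (string) $request->get_header( 'authorization' );
    $expected = (string) get_option( 'example_plugin_mcp_token', '' ); // assumed option name
    if ( '' === $expected || 0 !== stripos( $header, 'Bearer ' ) ) {
        return new WP_Error( 'rest_forbidden', 'Missing bearer token.', array( 'status' => 401 ) );
    }
    $presented = trim( substr( $header, 7 ) );
    // hash_equals() avoids leaking the token through timing differences.
    if ( ! hash_equals( $expected, $presented ) ) {
        return new WP_Error( 'rest_forbidden', 'Invalid bearer token.', array( 'status' => 403 ) );
    }
    return true;
}

function example_handle_mcp_request( WP_REST_Request $request ) {
    // Placeholder handler; a real MCP endpoint would dispatch tool calls here.
    return rest_ensure_response( array( 'ok' => true ) );
}
```

Note that even with show_in_index set to false, a secret embedded in the URL path still lands in web server and proxy access logs, which is why the header-based check is the better design.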
Technical Details and Impact
This vulnerability, tracked as CVE-2025-11749 with a CVSS score of 9.8, allows attackers to bypass authentication and execute administrator-level commands. The sequence of events is as follows:
- Token Exposure: The “No-Auth URL” feature, when enabled, exposes the bearer token via the WordPress REST API index.
- Unauthorized Authentication: Attackers obtain the bearer token and use it to authenticate themselves to the MCP endpoint.
- Privilege Escalation: Attackers execute commands such as wp_update_user to change their own user role to administrator.
- Site Compromise: With administrator privileges, attackers can upload malicious plugins or themes, modify site content, or completely compromise the website.
Compromised sites can then be leveraged for various malicious activities, including spam, phishing, and deploying backdoors.
Responsible Disclosure and Patching
The vulnerability was discovered by researcher Emiliano Versini and responsibly reported through the Wordfence Bug Bounty Program on October 4th, 2025. Wordfence validated the proof-of-concept exploit and initiated vendor disclosure on October 14th, 2025. A patched version, 3.1.4, was released on October 19th, 2025.
Wordfence Premium, Care, and Response users received a protective firewall rule on October 15th, 2025, before the patch was released. Free version users received firewall protection on November 14th, 2025.
Actionable Steps for Mitigation
Website administrators using the AI Engine plugin must take the following steps:
- Update to Version 3.1.4 or Later: Immediately update the AI Engine plugin to the latest version (3.1.4 or later) to patch the vulnerability.
- Rotate Bearer Tokens: If the “No-Auth URL” feature was previously enabled, rotate the bearer token in the plugin settings page. Updating the plugin alone is insufficient if the token has already been exposed.
- Monitor for Suspicious Activity: Monitor network traffic and server logs for any unusual activity that may indicate exploitation attempts.
- Implement Web Application Firewall (WAF): Utilize a WAF to block malicious requests targeting this vulnerability.
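For sites that cannot update on the spot, the following must-use plugin is an added interim hardening example (not part of the AI Engine plugin or the advisory): it hides from the public /wp-json/ index any REST route whose static path embeds a long secret-looking segment, and logs a count so the owner knows a token was being advertised. The 32-character threshold and the function names are assumptions.

```php
<?php
/**
 * Plugin Name: Hide Token-Bearing REST Routes (added example, not AI Engine code)
 * Drop into wp-content/mu-plugins/ as a stopgap until the plugin is updated.
 */

// Assumed heuristic: a path segment of 32+ token characters is treated as a secret.
const EXAMPLE_SECRET_SEGMENT_RE = '#/[A-Za-z0-9_-]{32,}(/|$)#';

// Runs on the 'rest_endpoints' filter, which WordPress applies before building
// the index. Hiding a route from the index does not stop it being dispatched,
// so existing clients keep working; anyone who already has the token still
// does too, which is why rotation remains mandatory.
function example_hide_secret_routes( array $endpoints ) {
    $hidden = array();
    foreach ( $endpoints as $route => $handlers ) {
        if ( ! preg_match( EXAMPLE_SECRET_SEGMENT_RE, $route ) ) {
            continue;
        }
        // A single-handler route is a flat array; multi-handler routes are a list.
        if ( isset( $handlers['callback'] ) ) {
            $handlers['show_in_index'] = false;
        } else {
            foreach ( $handlers as $key => $handler ) {
                if ( is_numeric( $key ) ) {
                    $handlers[ $key ]['show_in_index'] = false;
                }
            }
        }
        $endpoints[ $route ] = $handlers;
        $hidden[]            = $route;
    }
    if ( $hidden ) {
        // Log only the count: writing the route would copy the secret into the log.
        error_log( sprintf(
            'example-hide-routes: hid %d token-bearing REST route(s) from the index',
            count( $hidden )
        ) );
    }
    return $endpoints;
}
add_filter( 'rest_endpoints', 'example_hide_secret_routes' );
```

If the log line ever fires, treat the token as already exposed: rotate it and review access logs for requests to /wp-json/ followed by POSTs to the plugin's MCP route.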
Impact on Technical and Non-Technical Stakeholders
Technical Stakeholders (System Administrators, Security Engineers)
- Immediate Patching: Prioritize patching AI Engine plugin installations to version 3.1.4 or later.
- Token Rotation: Ensure bearer tokens are rotated if the “No-Auth URL” feature was ever enabled.
- Monitoring: Implement monitoring rules to detect exploitation attempts targeting the REST API endpoints.
- WAF Configuration: Deploy or update WAF rules to block malicious requests associated with CVE-2025-11749.
- Incident Response Planning: Update incident response plans to include procedures for handling potential compromises related to this vulnerability.
Non-Technical Stakeholders (Business Leaders, Website Owners)
- Awareness: Understand the potential impact of the vulnerability on website security and data integrity.
- Resource Allocation: Allocate resources to ensure timely patching and mitigation efforts.
- Communication: Communicate with technical teams to confirm that recommended actions have been taken.
- Risk Assessment: Assess the potential business risks associated with a successful exploitation of the vulnerability, including reputational damage and data loss.
- Compliance: Ensure compliance with relevant data protection regulations and standards.
How PurpleOps Can Help
PurpleOps offers a suite of services that can assist organizations in mitigating the risks associated with vulnerabilities like CVE-2025-11749:
- Breach Detection: Our breach detection services can help identify any unauthorized access or malicious activity resulting from the exploitation of this vulnerability.
- Supply-Chain Risk Monitoring: We provide supply-chain risk monitoring to identify vulnerabilities in third-party plugins and themes used on your WordPress sites.
- Penetration Testing: PurpleOps offers penetration testing services to identify and validate vulnerabilities in your web applications and infrastructure, including WordPress sites. Our experts can simulate real-world attacks to uncover potential weaknesses.
- Red Team Operations: Our red team operations can assess your organization’s ability to detect and respond to sophisticated attacks, including those exploiting vulnerabilities like CVE-2025-11749.
- Cyber Threat Intelligence: PurpleOps provides access to a cyber threat intelligence platform, offering insights into emerging threats, attack patterns, and indicators of compromise (IOCs) related to WordPress vulnerabilities.
- Brand Leak Alerting: Our brand leak alerting service can help identify exposed bearer tokens or other sensitive information that may be used to compromise your WordPress sites.
- Dark Web Monitoring Service: Our dark web monitoring service proactively scans the dark web to identify compromised credentials or leaked information related to your organization.
- Underground Forum Intelligence: Leverage underground forum intelligence to gain insights into attacker tactics, techniques, and procedures (TTPs) related to WordPress exploitation.
- Telegram Threat Monitoring: Our Telegram threat monitoring tracks discussions and activities related to WordPress vulnerabilities in cybercriminal communities.
- Live Ransomware API: Access our live ransomware API to stay informed about the latest ransomware threats targeting WordPress sites and implement proactive measures to protect your data.
This vulnerability in the AI Engine WordPress plugin serves as a reminder of the importance of proactive security measures, timely patching, and robust monitoring to protect against potential threats. By taking immediate action and leveraging the right security services, organizations can effectively mitigate the risks and maintain the security and integrity of their WordPress sites.
For more information on how PurpleOps can help you protect your WordPress sites and other digital assets, please visit PurpleOps Solutions or contact us for a consultation. We can help you implement a comprehensive cybersecurity strategy that includes vulnerability management, threat detection, and incident response.
FAQ
Q: What is CVE-2025-11749?
A: CVE-2025-11749 is a critical vulnerability in the AI Engine WordPress plugin that allows unauthenticated attackers to escalate privileges and gain administrative control.
Q: What is the CVSS score of this vulnerability?
A: The CVSS score for CVE-2025-11749 is 9.8, indicating a critical severity level.
Q: How can I fix this vulnerability?
A: Update the AI Engine plugin to version 3.1.4 or later, rotate bearer tokens if the “No-Auth URL” feature was previously enabled, monitor for suspicious activity, and implement a Web Application Firewall (WAF).
Q: What if I cannot update immediately?
A: Implement a WAF rule to block malicious requests targeting the vulnerability and monitor your site for suspicious activity.
Q: Was the vulnerability fixed?
A: Yes, a patched version (3.1.4) was released on October 19th, 2025.