PT-2025-26211 · WordPress · Ai Engine Wordpress Plugin
István Márton
·
Publicado
2025-06-19
·
Atualizado
2025-08-11
·
CVE-2025-5071
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
WordPress AI Engine plugin (affected versions not specified)
Description
A critical flaw in WordPress's AI Engine plugin allows subscribers to escalate privileges and take over websites with Dev Tools/MCP enabled.
Recommendations
Update the WordPress AI Engine plugin to the latest version.
As a temporary workaround, consider disabling the Dev Tools/MCP feature until a patch is available.
Restrict subscriber-level access to minimize the risk of exploitation.
Correção
LPE
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ai Engine Wordpress Plugin