PT-2025-26211 · WordPress · Ai Engine Wordpress Plugin
István Márton
·
Published
2025-06-19
·
Updated
2025-08-11
·
CVE-2025-5071
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
WordPress AI Engine plugin (affected versions not specified)
Description
A critical flaw in WordPress's AI Engine plugin allows subscribers to escalate privileges and take over websites with Dev Tools/MCP enabled.
Recommendations
Update the WordPress AI Engine plugin to the latest version.
As a temporary workaround, consider disabling the Dev Tools/MCP feature until a patch is available.
Restrict subscriber-level access to minimize the risk of exploitation.
Fix
LPE
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ai Engine Wordpress Plugin