PT-2025-27847 · WordPress · Ai Engine

István Márton · Published 2025-07-04 · Updated 2025-08-13 · CVE-2025-6238

CVSS v3.1: 8.0 High
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress version 2.8.4
Description: The issue is due to an insecure OAuth implementation, specifically the lack of validation of the `redirect_uri` parameter during the authorization flow. This allows unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI.
Recommendations: For version 2.8.4, update to version 2.8.5, where OAuth is disabled and the 'Meow MWAI Labs OAuth' class is not loaded, thus mitigating the open redirect vulnerability.
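
The check whose absence the description refers to, shown as an added example that is not code from the AI Engine plugin: an authorization endpoint compares `redirect_uri` by exact string match against the URIs registered for the client, and the token endpoint confirms the code was issued for that same URI. The function names, the client registry and the sample URIs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical client registry (constructed data): client_id => exact redirect URIs.
const REGISTERED_REDIRECTS = [
    'demo-client' => ['https://app.example.com/oauth/callback'],
];

/**
 * Authorization endpoint check. Returns the URI to redirect to, or null when the
 * request must be refused with a local error page. Never send the error to the
 * unvalidated URI: that would itself be an open redirect.
 */
function validate_redirect_uri(string $clientId, ?string $redirectUri): ?string
{
    $allowed = REGISTERED_REDIRECTS[$clientId] ?? null;
    if ($allowed === null || $redirectUri === null || $redirectUri === '') {
        return null; // unknown client or missing parameter
    }
    // Exact, case-sensitive comparison. No prefix, substring or host-only matching.
    return in_array($redirectUri, $allowed, true) ? $redirectUri : null;
}

/**
 * Token endpoint check. $codeRecord is what the server stored when it issued the
 * authorization code (assumed keys: client_id, redirect_uri).
 */
function code_matches_request(array $codeRecord, string $clientId, string $redirectUri): bool
{
    return $codeRecord['client_id'] === $clientId
        && $codeRecord['redirect_uri'] === $redirectUri;
}

// Constructed sample requests: only the first is registered.
$samples = [
    'https://app.example.com/oauth/callback',
    'https://app.example.com/oauth/callback/extra',
    'https://app.example.com.other.example/oauth/callback',
    'https://other.example/collect',
];
foreach ($samples as $uri) {
    $result = validate_redirect_uri('demo-client', $uri);
    printf("%-55s %s\n", $uri, $result === null ? 'REJECT' : 'ALLOW');
}

// A code issued for the registered URI cannot be redeemed with a different one.
$issued = ['client_id' => 'demo-client', 'redirect_uri' => $samples[0]];
var_dump(code_matches_request($issued, 'demo-client', $samples[3])); // bool(false)
```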

Fix

Open Redirect

Weakness Enumeration

Related Identifiers: CVE-2025-6238

Affected Products: Ai Engine