CVE-2025-11749
Published: 05 November 2025
Description
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Security Summary
CVE-2025-11749 is a sensitive information exposure vulnerability (CWE-200) in the AI Engine plugin for WordPress, affecting all versions up to and including 3.1.3. The flaw resides in the /mcp/v1/ REST API endpoint, which exposes the Bearer Token value when the 'No-Auth URL' feature is enabled. The vulnerability was published on 2025-11-05 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no user interaction. By accessing the endpoint, they extract the bearer token, which grants access to a valid session. This enables privilege escalation through actions such as creating a new administrator account.
Advisories, including the Wordfence threat intelligence report, detail the vulnerability. A patch is available in WordPress plugin changeset 3380753, and the issue is visible in the source code at plugins.trac.wordpress.org/browser/ai-engine/trunk/labs/mcp.php#L226.
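The following detection script is an added example, not code from the advisory or from the AI Engine plugin. It parses web-server access-log lines in the common "combined" format and flags source addresses that successfully read the MCP endpoint and later created a user through the WordPress REST API, the chain the summary describes. The route prefix /wp-json/mcp/v1/ (the advisory names only /mcp/v1/) and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed REST route of the affected endpoint (WordPress serves REST routes
# under /wp-json/; the advisory names /mcp/v1/). Treat as an assumption.
MCP_PREFIX = "/wp-json/mcp/v1/"
# Core WordPress REST route used to create users.
USERS_ROUTE = "/wp-json/wp/v2/users"

# Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop query string
    return rec

def find_token_abuse(lines):
    """Return {ip: (mcp_reads, user_creations)} for addresses that read the
    MCP endpoint (HTTP 200) and afterwards created a user via REST (HTTP 201)."""
    mcp_reads = defaultdict(int)
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if path.startswith(MCP_PREFIX) and rec["status"] == 200:
            mcp_reads[ip] += 1
        elif (path.rstrip("/") == USERS_ROUTE and rec["method"] == "POST"
              and rec["status"] == 201 and mcp_reads[ip] > 0):
            flagged[ip] = (mcp_reads[ip], flagged.get(ip, (0, 0))[1] + 1)
    return flagged

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Nov/2025:10:01:02 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.7 - - [05/Nov/2025:10:01:09 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 201 301 "-" "curl/8.4"
198.51.100.4 - - [05/Nov/2025:10:02:30 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [05/Nov/2025:10:03:11 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 201 301 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, (reads, created) in find_token_abuse(SAMPLE_LOG).items():
        print(f"{ip}: {reads} MCP endpoint read(s) followed by {created} user creation(s)")
```

Only the address that both read the MCP endpoint and then created a user is reported; a user creation with no prior endpoint read (an ordinary administrator) is not flagged.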
Details
- CWE(s): CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: The AI Engine plugin for WordPress provides AI integration and assistant features (e.g., chatbots, content generation via LLMs) for enterprise-level websites, matching the Enterprise AI Assistants category.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes a bearer token via an unauthenticated REST API endpoint in a public-facing WordPress plugin, enabling exploitation of public-facing applications (T1190), stealing application access tokens (T1528), and use of valid accounts for actions like privilege escalation via admin account creation (T1078).