- Description
- The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Weakness
- CWE-863 (source: security@wordfence.com)
🚨 Critical vulnerability in AI Engine plugin exposes 100,000+ WordPress sites! Update to v2.8.4 ASAP to patch privilege escalation flaw (CVE-2025-5071). Secure your WP install now! 🛡️ #WordPress #Security #Vulnerability https://t.co/4FzVJGB7wA
@fernandokarl
19 Jun 2025
CVE-2025-5071 The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can… https://t.co/O0ymdaf4W5
@CVEnew
19 Jun 2025
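Privilege escalation vulnerability in MCP in AI Engine, a WordPress plugin used by more than 100,000 sites. CVE-2025-5071 has a CVSS score of 8.8. It requires developer mode and the MCP module to be enabled, and the default configuration is not vulnerable. Subscriber-level or higher priv…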
@__kokumoto
18 Jun 2025