CVE-2025-11749: 
WordPress vulnerability analysis and mitigation

Researchers at Wordfence have disclosed a critical vulnerability (CVE-2025-11749, CVSS 9.8) in the AI Engine WordPress plugin that affects all versions up to and including 3.1.3. The vulnerability allows unauthenticated attackers to extract bearer tokens and gain full access to the Model Context Protocol (MCP), enabling them to escalate privileges to administrator level by updating their user roles (Security Online).

The vulnerability is classified as a Sensitive Information Exposure issue that specifically impacts users who have enabled the 'No-Auth URL' feature within the plugin's Model Context Protocol (MCP) settings. When enabled, this feature inadvertently exposes sensitive authentication tokens to the public REST API. The flaw resides in how the plugin registers REST API routes via the restapiinit() function within the MeowMWAILabs_MCP class, where the 'No-Auth URL' endpoints were registered publicly without proper restrictions (Security Online).

Once an attacker retrieves the exposed bearer token, they can authenticate directly with the MCP endpoint and issue privileged commands, including updating user roles to administrator level. This enables complete site takeover, allowing adversaries to upload backdoored plugins, inject SEO spam, or redirect visitors to malicious domains (Security Online).

A patch is available in version 3.1.4 of the AI Engine plugin. Site administrators are strongly advised to update to this version immediately. If immediate updating is not possible, administrators should ensure the 'No-Auth URL' feature is disabled to prevent potential exploitation (Security Online).

The vulnerability was discovered and responsibly reported by security researcher Emiliano Versini via the Wordfence Bug Bounty Program. The discovery was made just one day after the vulnerable code was introduced, earning Versini a bounty of $2,145 (Security Online).