CVE-2025-6238
BaseFortify

Publication date: 2025-07-04

Last updated on: 2025-08-13

Assigner: Wordfence

Description
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation: the 'redirect_uri' parameter is not validated during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: in the patched version 2.8.5, OAuth is disabled and the 'Meow_MWAI_Labs_OAuth' class is not loaded in the plugin.
Meta Information
Published: 2025-07-04
Last Modified: 2025-08-13
Generated: 2026-05-06
AI Q&A: 2025-07-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: meowapps
Product: ai_engine
Version / Range: 2.8.4
Exploitability
CWE
CWE-601: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in the AI Engine WordPress plugin version 2.8.4 is an open redirect issue caused by an insecure OAuth implementation. Specifically, the 'redirect_uri' parameter in the OAuth authorization flow lacks proper validation. This flaw allows unauthenticated attackers to manipulate the redirect URI to an attacker-controlled site, intercept the authorization code, and obtain an access token. The OAuth feature is disabled in version 2.8.5 to mitigate this issue. [3]


How can this vulnerability impact me?

This vulnerability can allow an attacker to intercept authorization codes by redirecting users to malicious URLs during the OAuth flow. With the stolen authorization code, the attacker can obtain access tokens, potentially gaining unauthorized access to user data or administrative functions within the AI Engine plugin or WordPress site. This can lead to data breaches, unauthorized actions, and compromise of site security. [3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can focus on monitoring for unauthorized OAuth authorization attempts or suspicious redirects involving the 'redirect_uri' parameter. Since the vulnerability involves an open redirect in the OAuth flow, you can inspect HTTP requests to the AI Engine plugin's OAuth endpoints (e.g., /wp-json/mcp/oauth/authorize) for unusual or unexpected redirect_uri parameters that do not match expected domains. Additionally, monitoring access to MCP server endpoints for unauthorized bearer tokens or non-admin access attempts may help detect exploitation attempts. Specific commands could include using network traffic capture tools like tcpdump or Wireshark to filter HTTP requests to the WordPress site, or using curl to test the authorization endpoint with crafted redirect_uri parameters to see if redirects are validated. For example:

1. Using curl to test redirect_uri validation: curl -v 'https://yourwordpresssite.com/wp-json/mcp/oauth/authorize?response_type=code&client_id=test&redirect_uri=https://attacker.com&code_challenge=abc&state=xyz&scope=mcp'
2. Using grep or log analysis to find suspicious redirect_uri values in web server logs.

However, since OAuth is disabled in the patched version, detection should focus on whether the vulnerable version (2.8.4) is running and if OAuth endpoints are accessible. [2, 3]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the AI Engine WordPress plugin to version 2.8.5 or later, where OAuth is disabled and the vulnerable 'Meow_MWAI_Labs_OAuth' class is not loaded, effectively removing the open redirect vulnerability. Additionally, ensure that OAuth is not enabled or configured in the plugin settings. If upgrading immediately is not possible, restrict access to the OAuth endpoints and MCP server endpoints to trusted administrators only, and monitor for suspicious activity. Avoid using OAuth authentication until a secure implementation with proper redirect URI validation and client registration is available. [1, 3]
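
The log review suggested in the detection answer and the exact-match redirect_uri validation the mitigation answer calls for, as an added example that is not part of this page or of the AI Engine plugin. It assumes a combined-format access log, the /wp-json/mcp/oauth/authorize path named above, and a constructed set of registered redirect URIs; the sample log lines are constructed, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Registered redirect URIs for the OAuth client (constructed sample; a real
# deployment would load these from its client registration store).
REGISTERED_REDIRECT_URIS = {
    "https://app.example.org/oauth/callback",
}

AUTHORIZE_PATH = "/wp-json/mcp/oauth/authorize"  # endpoint named on this page


def redirect_uri_allowed(candidate: str, registered=REGISTERED_REDIRECT_URIS) -> bool:
    """Exact string match against pre-registered URIs, after rejecting any URI
    with a fragment or a non-https scheme. Prefix or substring matching is
    deliberately avoided: a lookalike host such as app.example.org.evil.invalid
    would pass a prefix check but fails an exact one."""
    parts = urlsplit(candidate)
    if parts.scheme != "https" or parts.fragment or not parts.netloc:
        return False
    return candidate in registered


# Combined log format: client, ident, user, [time], "METHOD target HTTP/x", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def find_suspicious_redirects(log_lines):
    """Return (client_ip, timestamp, redirect_uri) for every authorize request
    whose redirect_uri is not one of the registered URIs."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, target, _status = m.groups()
        url = urlsplit(target)
        if url.path != AUTHORIZE_PATH:
            continue
        for uri in parse_qs(url.query).get("redirect_uri", []):  # percent-decoded
            if not redirect_uri_allowed(uri):
                hits.append((client, ts, uri))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Jul/2025:10:00:01 +0000] "GET /wp-json/mcp/oauth/authorize?response_type=code&client_id=test&redirect_uri=https%3A%2F%2Fapp.example.org%2Foauth%2Fcallback&state=xyz HTTP/1.1" 302 0',
    '198.51.100.9 - - [04/Jul/2025:10:00:05 +0000] "GET /wp-json/mcp/oauth/authorize?response_type=code&client_id=test&redirect_uri=https%3A%2F%2Fapp.example.org.evil.invalid%2Fcb&state=xyz HTTP/1.1" 302 0',
    '198.51.100.9 - - [04/Jul/2025:10:00:09 +0000] "GET /wp-json/mcp/oauth/authorize?response_type=code&client_id=test&redirect_uri=http%3A%2F%2Fapp.example.org%2Foauth%2Fcallback&state=xyz HTTP/1.1" 302 0',
    '192.0.2.4 - - [04/Jul/2025:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 1532',
]

if __name__ == "__main__":
    for client, ts, uri in find_suspicious_redirects(SAMPLE_LOG):
        print(f"{ts} {client} unregistered redirect_uri: {uri}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines; only the authorize requests whose redirect_uri fails the exact-match check are reported.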

