CVE-2025-11749
BaseFortify
Publication date: 2025-11-05
Last updated on: 2025-11-06
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | ai_engine | 3.1.3 |
| wordpress | ai_engine | 3.1.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the AI Engine plugin for WordPress up to version 3.1.3. It occurs because the /mcp/v1/ REST API endpoint exposes the 'Bearer Token' when the 'No-Auth URL' feature is enabled. This allows unauthenticated attackers to obtain the bearer token, which can then be used to access a valid session and perform actions such as creating a new administrator account, resulting in privilege escalation.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain unauthorized access to a valid session by extracting the bearer token. This can lead to privilege escalation, including the creation of new administrator accounts, which compromises the security and control of the affected WordPress site.