CVE-2025-11749
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.
Analysis
The AI Engine WordPress plugin through version 3.1.3 exposes Bearer Token values through the /mcp/v1/ REST API endpoint when the No-Auth URL feature is enabled. Unauthenticated attackers can extract this token to gain full API access, compromising AI assistant configurations and potentially accessing connected LLM provider API keys.
Technical Context
When the No-Auth URL feature is enabled, the /mcp/v1/ endpoint returns configuration data including the Bearer Token in cleartext. This token is used to authenticate API requests to the AI Engine's chatbot and content generation features. The exposed token may also provide access to configured OpenAI/Anthropic API keys stored in the plugin settings.
Affected Products
AI Engine for WordPress <= 3.1.3
Remediation
Update AI Engine to version 3.1.4 or later. Disable the No-Auth URL feature if not required. Rotate all API keys for connected LLM providers. Review conversation logs for sensitive data exposure. Implement rate limiting on the MCP endpoint.
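To support the log review recommended above, the following added example (not code from the plugin or from this advisory) flags requests to the /mcp/v1/ REST route in web server access logs, covering both the /wp-json/ path form and WordPress's ?rest_route= query form. The Combined Log Format layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed layout: Combined Log Format (adjust the pattern to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE = [
    '203.0.113.7 - - [10/Nov/2025:10:00:00 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [10/Nov/2025:10:00:02 +0000] "GET /?rest_route=%2Fmcp%2Fv1%2F HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [10/Nov/2025:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.9 - - [10/Nov/2025:10:02:00 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 401 50 "-" "-"',
]

def rest_route(target):
    """Return the WordPress REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    # Pretty-permalink form: /wp-json/<route>
    if "/wp-json/" in path:
        return "/" + path.split("/wp-json/", 1)[1]
    # Plain-permalink form: ?rest_route=/<route> (parse_qs percent-decodes it)
    values = parse_qs(parts.query).get("rest_route")
    return values[0] if values else None

def mcp_hits(lines):
    """Yield (ip, time, method, status, route) for requests under /mcp/v1/."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        route = rest_route(m["target"])
        if route and (route.rstrip("/") + "/").lower().startswith("/mcp/v1/"):
            yield m["ip"], m["time"], m["method"], int(m["status"]), route

def summarize(lines):
    """Count 2xx responses on /mcp/v1/ per client IP (data was returned)."""
    return Counter(ip for ip, _, _, status, _ in mcp_hits(lines)
                   if 200 <= status < 300)

if __name__ == "__main__":
    for ip, count in summarize(SAMPLE).most_common():
        print(f"{ip}\t{count} successful /mcp/v1/ request(s)")
```

Clients with 2xx responses on this route during the exposure window are the ones to correlate with later account or settings changes when deciding which credentials to rotate.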