Description
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifying administrator privileges. This makes it possible for authenticated (Subscriber+) attackers to invoke admin-level MCP tools and escalate privileges to Administrator.
Published: 2026-05-17
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin fails to enforce WordPress capability checks in its MCP OAuth bearer‑token pathway. This missing authorization (CWE‑269) allows any authenticated user possessing a valid OAuth token to access admin‑level MCP functions. The flaw can therefore be used by an attacker with subscriber or lower privileges to elevate their role to Administrator, compromising the integrity of site control without executing arbitrary code.

Affected Systems

The vulnerability is specific to version 3.4.9 of the AI Engine plugin developed by tigroumeow. No other versions or related components are listed as affected, and the issue is limited to the plugin’s MCP OAuth bearer‑token endpoint.

Risk and Exploitability

The attack vector is network-based and requires authentication: the attacker needs a valid OAuth token, which any registered WordPress user, including one in the Subscriber role, can obtain. The CVSS score of 8.8 indicates high severity, but no EPSS score is available, so the current exploitation probability is unclear. The vulnerability is not listed in the CISA KEV catalog and no public exploits have been reported, yet the absence of a role check leaves a relatively low barrier to privilege escalation for attackers with modest access.

Generated by OpenCVE AI on May 17, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the AI Engine plugin to a version that includes the missing authorization fix.
  • If an immediate upgrade is not possible, block or restrict the MCP OAuth bearer‑token endpoint for all users who do not have Administrator or Editor privileges.
  • Add a custom capability verification step that checks WordPress user roles before allowing MCP operations, ensuring only authorized users can invoke admin-level tools.
  • Monitor site logs for anomalous MCP activity and audit user permissions to confirm that only privileged roles can access sensitive MCP functions.
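The capability check that the third recommendation describes, as an added example that is neither the plugin's own code nor a vendor fix. It is a must-use plugin that refuses WordPress REST requests to the MCP route unless the resolved user holds the required capability, however the request was authenticated. It assumes the MCP endpoint is served through the WP REST API; the route prefix is a placeholder because the page does not give the real path.

```php
<?php
/**
 * Plugin Name: MCP capability gate (stopgap, added example)
 *
 * Drop into wp-content/mu-plugins/. Denies REST requests to the MCP
 * route unless the WordPress user holds the required capability,
 * regardless of how the request was authenticated (cookie,
 * application password, or the plugin's OAuth bearer token).
 *
 * ASSUMPTION: the MCP endpoint is served through the WP REST API and
 * its route begins with MCP_GATE_ROUTE_PREFIX. Adjust to the real path.
 */

// Placeholder; replace with the plugin's actual MCP REST route prefix.
define( 'MCP_GATE_ROUTE_PREFIX', '/REPLACE-WITH-MCP-ROUTE' );

// 'manage_options' limits MCP to Administrators. Use 'edit_others_posts'
// to also admit Editors, as the recommended actions above allow.
define( 'MCP_GATE_REQUIRED_CAP', 'manage_options' );

/**
 * Policy decision, kept free of WordPress globals so it is easy to read
 * and to unit-test: non-MCP routes pass, MCP routes need the capability.
 */
function mcp_gate_is_allowed( string $route, bool $has_cap ): bool {
    $prefix = rtrim( MCP_GATE_ROUTE_PREFIX, '/' );
    $route  = rtrim( $route, '/' );
    $is_mcp = ( $route === $prefix ) || ( 0 === strpos( $route, $prefix . '/' ) );
    return ! $is_mcp || $has_cap;
}

add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    $route = $request->get_route();
    // current_user_can() resolves the user through determine_current_user,
    // so a bearer-token-authenticated user is evaluated here as well.
    $has_cap = is_user_logged_in() && current_user_can( MCP_GATE_REQUIRED_CAP );

    if ( mcp_gate_is_allowed( $route, $has_cap ) ) {
        return $result; // null: let the REST server dispatch normally.
    }

    // Log the denial so anomalous MCP activity (recommended above) is visible.
    $user = wp_get_current_user();
    error_log( sprintf( 'mcp_gate: denied %s to user #%d (%s) from %s',
        $route, $user->ID, $user->user_login, $_SERVER['REMOTE_ADDR'] ?? '-' ) );

    return new WP_Error( 'rest_forbidden', 'Insufficient capability for MCP.', array( 'status' => 403 ) );
}, 10, 3 );
```

Returning a WP_Error from rest_pre_dispatch short-circuits dispatch, so the plugin's own handler never runs for a denied request; the mu-plugin should be removed once a fixed plugin version is installed.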

Advisories

No advisories yet.

History

Sun, 17 May 2026 03:30:00 +0000

Type | Values Removed | Values Added
Description | | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifying administrator privileges. This makes it possible for authenticated (Subscriber+) attackers to invoke admin-level MCP tools and escalate privileges to Administrator.
Title | | AI Engine 3.4.9 - Authenticated (Subscriber+) Privilege Escalation via Missing Authorization in MCP OAuth Bearer Token
Weaknesses | | CWE-269
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-05-17T02:27:02.277Z

Reserved: 2026-05-15T21:30:51.096Z

Link: CVE-2026-8719

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-17T04:16:42.580

Modified: 2026-05-17T04:16:42.580

Link: CVE-2026-8719

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T06:00:12Z

Weaknesses