CVE-2025-11749

🗓️ 05 Nov 2025 05:31:25Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 46 Views🌐 WEB

CVE-2025-11749: AI Engine up to 3.1.3 exposes Bearer Token via No-Auth URL, enabling unauthenticated privilege escalation.

Reporter	Title	Published	Views	Family All 20
GithubExploit	Exploit for CVE-2025-11749	8 Nov 202503:19	–	githubexploit
Circl	CVE-2025-11749	4 Nov 202518:16	–	circl
CNNVD	WordPress plugin AI Engine 信息泄露漏洞	5 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-11749 AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation	5 Nov 202505:31	–	cvelist
EUVD	EUVD-2025-37802	5 Nov 202505:31	–	euvd
Metasploit	WordPress AI Engine Plugin MCP Unauthenticated Admin Creation to RCE	4 Dec 202518:55	–	metasploit
Nuclei	WordPress AI Engine Plugin - Token Exposure	24 Jun 202603:02	–	nuclei
NVD	CVE-2025-11749	5 Nov 202506:15	–	nvd
Packet Storm	📄 WordPress AI Engine 3.1.3 Remote Code Execution	4 Dec 202500:00	–	packetstorm
Packet Storm	📄 WordPress AI Engine 3.1.3 Add Admin / Shell Upload	4 Mar 202600:00	–	packetstorm

Vulners

Node

tigroumeow ai_engine_the_chatbot,_ai_framework_&_mcp_for_wordpressRange≤3.1.3wordpress

[
  {
    "vendor": "tigroumeow",
    "product": "AI Engine – The Chatbot, AI Framework & MCP for WordPress",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.1.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3380753/ai-engine
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/06eaf624-aedf-453d-8457-d03a572fac0d
plugins	www.plugins.trac.wordpress.org/browser/ai-engine/trunk/labs/mcp.php

Parameter	Position	Path	Description	CWE
token	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200
name	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200
arguments.user_login	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200
arguments.user_email	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200
user_pass	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200
role	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200
arguments	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200
jsonrpc	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200
id	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200
method	request body	wp-json/mcp/v1/{token}/sse	Unauthenticated call to MCP admin-creation endpoint (/wp-json/mcp/v1/{token}/sse) enabling creation of an administrator user via JSON-RPC	CWE-200

17 Jun 2026 08:31Current

6Medium risk

Vulners AI Score6

CVSS 3.19.8

EPSS0.75323

SSVC

wordpress ai engine unauthenticated access bearer token exposure no auth url