| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
| Exploit for CVE-2025-11749 | 8 Nov 202503:19 | – | githubexploit | |
| CVE-2025-11749 | 4 Nov 202518:16 | – | circl | |
| WordPress plugin AI Engine 信息泄露漏洞 | 5 Nov 202500:00 | – | cnnvd | |
| CVE-2025-11749 | 5 Nov 202505:31 | – | cve | |
| CVE-2025-11749 AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation | 5 Nov 202505:31 | – | cvelist | |
| EUVD-2025-37802 | 5 Nov 202505:31 | – | euvd | |
| WordPress AI Engine Plugin MCP Unauthenticated Admin Creation to RCE | 4 Dec 202518:55 | – | metasploit | |
| CVE-2025-11749 | 5 Nov 202506:15 | – | nvd | |
| 📄 WordPress AI Engine 3.1.3 Remote Code Execution | 4 Dec 202500:00 | – | packetstorm | |
| 📄 WordPress AI Engine 3.1.3 Add Admin / Shell Upload | 4 Mar 202600:00 | – | packetstorm |
id: CVE-2025-11749
info:
name: WordPress AI Engine Plugin - Token Exposure
author: 4m3rr0r
severity: critical
description: |
Unauthenticated sensitive information exposure in AI Engine WordPress plugin <= 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled.
impact: |
Unauthenticated attackers can retrieve sensitive bearer tokens from AI Engine WordPress plugin through exposed REST API endpoints, potentially allowing privilege escalation and unauthorized access to AI service credentials.
remediation: |
Upgrade to AI Engine version 3.1.4 or later that properly secures REST API endpoints and token handling.
reference:
- https://www.wordfence.com/blog/2025/11/100000-wordpress-sites-affected-by-privilege-escalation-vulnerability-in-ai-engine-wordpress-plugin/
- https://cve.mitre.org/cgi-bin/cvename/cgi?name=CVE-2025-11749
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-11749
epss-score: 0.75063
epss-percentile: 0.99448
metadata:
max-request: 1
verified: true
vendor: wordpress
product: ai-engine
shodan-query: 'http.html:"/wp-content/plugins/ai-engine/"'
zoomeye-query: 'app:"WordPress" +web.body:"/wp-content/plugins/ai-engine/"'
tags: cve,cve2025,wordpress,wp-plugin,ai-engine,exposure,token,vkev,ai
http:
- method: GET
path:
- "{{BaseURL}}/wp-json/mcp/v1"
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(header, "application/json")'
condition: and
- type: regex
part: body
regex:
- '\"\\/mcp\\/v1\\/([^\\/"]+)\\/messages\":{'
- '\"\\/mcp\\/v1\\/([^\\/"]+)\\/sse\":{'
condition: and
# digest: 4a0a0047304502210086ba34fc41357dd13775e9812088bb067116692513e81dc2366c47b59633fbfd022018cb05f0eac7dbbf1939462df83ff60392c9f78455cf4e65289aba3b9ba90035:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation