4 matches found
CVE-2026-8719
The CVE describes a Privilege Escalation in AI Engine 3.4.9 (WordPress plugin: The Chatbot, AI Framework & MCP for WordPress). Root cause: missing WordPress capability enforcement in the MCP OAuth Bearer Token path, allowing any valid OAuth token to grant MCP access without admin privileges. Impa...
PT-2026-41513
Name of the Vulnerable Software and Affected Versions: The AI Engine – The Chatbot, AI Framework & MCP for WordPress version 3.4.9. Description: Missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path allows authenticated users with Subscriber privileges or higher t...
Potential Price Slippage Due to Gaps in Consecutive Ranges
Lines of code. Vulnerability details: The method allows appending new Range instances without restrictions on the gap between the end of the last range and the start of the new one. Significant gaps between these ranges can result in considerable price slippages, introducing volatility in price...
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) for some time now. While previous versions of the malware have been covered by other researchers, our blog entry focuses on the malicious actor’s latest attacks...