Lucene search
K

4 matches found

NVD
NVD
added 2025/06/19 10:15 a.m.13 views

CVE-2025-5071

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS0.00617EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/19 9:23 a.m.8 views

CVE-2025-5071 AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS0.00617EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/06/19 8:10 a.m.12 views

WordPress AI Engine 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP vulnerability

Authenticated Subscriber+ Insufficient Authorization to Privilege Escalation via MCP vulnerability discovered by István Márton - Wordfence in WordPress Plugin AI Engine versions = 2.8.3...

8.8CVSS8.7AI score0.00617EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2025/06/19 5:9 a.m.20 views

CVE-2025-5071

creationtimestamp| type| source ---|---|--- 2025-06-19 05:09:56+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lrwr2u6unv2o 2025-06-19 09:43:36+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18844 2025-06-19 10:00:28+00:00| seen|...

8.8CVSS8.9AI score0.00617EPSS
Exploits0References3
Rows per page
Query Builder