4 matches found
CVE-2025-5071
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2025-5071 AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...
WordPress AI Engine 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP vulnerability
Authenticated Subscriber+ Insufficient Authorization to Privilege Escalation via MCP vulnerability discovered by István Márton - Wordfence in WordPress Plugin AI Engine versions = 2.8.3...
CVE-2025-5071
creationtimestamp| type| source ---|---|--- 2025-06-19 05:09:56+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lrwr2u6unv2o 2025-06-19 09:43:36+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18844 2025-06-19 10:00:28+00:00| seen|...