CVE-2025-5071 – WordPress AI Engine Plugin Unauthenticated Privilege Escalation and Data Deletion Vulnerability

June 19, 2025

CVE ID : CVE-2025-5071

Published : June 19, 2025, 10:15 a.m. | 21 minutes ago

Description : The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘Meow_MWAI_Labs_MCP::can_access_mcp’ function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like ‘wp_create_user’, ‘wp_update_user’ and ‘wp_update_option’, which can be used for privilege escalation, and ‘wp_update_post’, ‘wp_delete_post’, ‘wp_update_comment’ and ‘wp_delete_comment’, which can be used to edit and delete posts and comments.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5234 – WordPress Gutenverse News Plugin Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-49763 – Apache Traffic Server ESI Plugin Remote Memory Consumption Vulnerability

UX Job Interview Helpers

.NET Aspire’s CLI reaches general availability in 9.4 release

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

Why I’ll keep the Samsung Z Fold 7 over the Pixel 10 Pro Fold – especially if these rumors are true

You may soon get Starlink internet for a much lower ‘Community’ price – here’s how

uBlock Origin Lite has finally arrived for Safari – with one important caveat

Perplexity says Cloudflare’s accusations of ‘stealth’ AI scraping are based on embarrassing errors

Send Notifications in Laravel with Firebase Cloud Messaging and Notifire

Send Notifications in Laravel with Firebase Cloud Messaging and Notifire

Simplified Batch Job Creation with Laravel’s Enhanced Artisan Command

Send Notifications in Laravel with Firebase Cloud Messaging and Notifire

This comfy mesh office chair I’ve been testing costs less than $400 — but there’s a worthy alternative that’s far more affordable

This comfy mesh office chair I’ve been testing costs less than $400 — but there’s a worthy alternative that’s far more affordable

How to get started with Markdown in the Notepad app for Windows 11

Microsoft Account Lockout: LibreOffice Developer’s Week-Long Nightmare Raises Concerns

CVE-2025-5071 – WordPress AI Engine Plugin Unauthenticated Privilege Escalation and Data Deletion Vulnerability

SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported

Think Before You Download: UAE Cybersecurity Council Issues Warning on Unverified Apps

Cisco Identity Services Engine RCE Vulnerability Allows Remote Command Execution as Root User

CVE-2024-11922 – Fortra GoAnywhere Email Injection Vulnerability

CVE-2025-20018 – Intel Graphics Driver Pointer Dereference Privilege Escalation Vulnerability

Solving the mystery of how an ancient bird went extinct

CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

FOSS Weekly #25.15: Clapgrep, APT 3.0, Vibe Coding, AI in Firefox and More

Verdansk is coming back to Call of Duty: Warzone, and I’m pretty sure I know which weapon EVERYONE will be putting in their loadouts

Figma AI Tools

CVE-2025-5071 – WordPress AI Engine Plugin Unauthenticated Privilege Escalation and Data Deletion Vulnerability

Related Posts