100,000+ WordPress Sites Exposed to Privilege Escalation Attacks via MCP AI Engine

June 19, 2025

100,000+ WordPress Sites Exposed to Privilege Escalation Attacks via MCP AI Engine

A critical security vulnerability has emerged in the WordPress ecosystem, exposing over 100,000 websites to privilege escalation attacks through the AI Engine plugin’s Model Context Protocol (MCP) imp …

Published Date:
Jun 19, 2025 (3 hours, 52 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-5071

Source: Read More

Previous ArticleQilin Ransomware Emerges as World’s Top Threat, Demands $50 Million Ransom

Next Article Paragon Commercial Spyware Infects Prominent Journalists

Highlights

CVE-2025-4584 – WordPress IRM Newsroom Stored Cross-Site Scripting Vulnerability

June 13, 2025

CVE ID : CVE-2025-4584

Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago

Description : The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘irmeventlist’ shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Using the Old Bean

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Manipulate Image URLs in Laravel with the Image Transform Package

Manipulate Image URLs in Laravel with the Image Transform Package

How cron and Task Scheduler work in Laravel

Laravel: Import Very Large CSV With Jobs and Queues

FOSS Weekly #25.25: Nitrux Hyprland, Joplin Tips, Denmark Ditching Microsoft, Tiling Moves and More Linux Stuff

FOSS Weekly #25.25: Nitrux Hyprland, Joplin Tips, Denmark Ditching Microsoft, Tiling Moves and More Linux Stuff

BrosTrend 5 Port 2.5GB Switch Review

Cuneo is a widget-like calculator and conversion tool

100,000+ WordPress Sites Exposed to Privilege Escalation Attacks via MCP AI Engine

100,000+ WordPress Sites Exposed to Privilege Escalation Attacks via MCP AI Engine

Paragon Commercial Spyware Infects Prominent Journalists

Qilin Ransomware Emerges as World’s Top Threat, Demands $50 Million Ransom

CVE-2024-55211 – Think Router Tk-Rt-Wr135G Authentication Bypass

CVE-2021-47663 – Apache Solr JSON Web Tokens Authentication Bypass

CVE-2025-4910 – PHPGurukul Zoo Management System SQL Injection Vulnerability

cameractrls – camera controls for Linux

CVE-2025-4584 – WordPress IRM Newsroom Stored Cross-Site Scripting Vulnerability

The Future is Calling: India’s ‘Human AI’ Srinidhi Ranganathan Envisions Computers That Breathe and Think Freely by 2029

New UX/UI Tools I’m Loving! – Microsoft UX Certificate, Figma Updates, OpenAI Academy & More!

CVE-2025-2394 – Ecovacs Home Android and iOS Mobile Apps Stored XSS Vulnerability

100,000+ WordPress Sites Exposed to Privilege Escalation Attacks via MCP AI Engine

100,000+ WordPress Sites Exposed to Privilege Escalation Attacks via MCP AI Engine

Related Posts