CVE-2025-6238 – WordPress AI Engine Plugin Open Redirect Vulnerability

July 3, 2025

CVE ID : CVE-2025-6238

Published : July 4, 2025, 3:15 a.m. | 22 minutes ago

Description : The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the ‘redirect_uri’ parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: OAuth is disabled, the ‘Meow_MWAI_Labs_OAuth’ class is not loaded in the plugin in the patched version 2.8.5.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6586 – WordPress Download Plugin Remote Code Execution (RCE) Vulnerability

Next Article CVE-2025-6729 – WordPress PayMaster for WooCommerce SSRF Vulnerability

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-6238 – WordPress AI Engine Plugin Open Redirect Vulnerability

CVE-2025-5933 – WordPress RD Contacto CSRF Vulnerability

CVE-2025-5924 – “WordPress Firebase Push Notification CSRF”

Apple fixes zero-click exploit underpinning Paragon spyware attacks

CVE-2025-49014 – jq Heap Use After Free Vulnerability

An anomaly detection framework anyone can use

CVE-2025-5299 – SourceCodester Client Database Management System Unrestricted File Upload Vulnerability

FunSearch: Making new discoveries in mathematical sciences using Large Language Models

CVE-2025-49193 – Apache Struts Missing Security Headers Vulnerability

Vibe coding with GitHub Copilot: Agent mode and MCP support rolling out to all VS Code users

Accelerate foundation model training and inference with Amazon SageMaker HyperPod and Amazon SageMaker Studio

CVE-2025-6238 – WordPress AI Engine Plugin Open Redirect Vulnerability

Related Posts