CVE-2025-11749 — AI Deep Analysis Summary

🚨 **Essence**: AI Engine plugin exposes Bearer Tokens via REST API `/mcp/v1/`. <br>💥 **Consequences**: Unauthenticated sensitive data leak → Potential **Privilege Escalation**. Critical integrity & confidentiality loss.

🛡️ **CWE-200**: Information Exposure. <br>🔍 **Flaw**: The `/mcp/v1/` endpoint leaks Bearer Tokens when the **No-Auth URL** feature is enabled. Poor access control on sensitive API endpoints.

🏢 **Vendor**: tigroumeow. <br>📦 **Product**: AI Engine – The Chatbot, AI Framework & MCP for WordPress. <br>📉 **Affected**: Versions **3.1.3 and earlier**.

🕵️ **Hackers Can**: Extract valid Bearer Tokens without login. <br>🔓 **Impact**: Use stolen tokens to impersonate authenticated users. Achieve **Privilege Escalation** and access restricted AI/Chatbot features.

⚡ **Threshold**: **LOW**. <br>🔑 **Auth**: None required (Unauthenticated). <br>⚙️ **Config**: Only if **No-Auth URL** is enabled in plugin settings. Easy to trigger via simple HTTP request.

🔥 **Yes, Public**. <br>📜 **PoC**: Available on GitHub (Nxploited/CVE-2025-11749). <br>🤖 **Scanner**: Nuclei templates exist for automated detection. Wild exploitation is highly likely.

🔍 **Check**: Scan for `/mcp/v1/` endpoint. <br>📡 **Tool**: Use Nuclei or manual curl requests. <br>👀 **Verify**: Look for exposed Bearer Token values in the response headers/body when No-Auth is active.

🛠️ **Fix**: Update to version **> 3.1.3**. <br>📝 **Patch**: Commit 3380753 addresses the issue. Check WordPress plugin repository for the latest secure release.

🚧 **Workaround**: Disable the **No-Auth URL** feature in AI Engine settings. <br>🔒 **Mitigation**: Restrict access to `/mcp/v1/` via .htaccess or WAF rules if patching is delayed.

🔴 **Priority**: **CRITICAL**. <br>⏱️ **Urgency**: High. CVSS Score indicates High Impact (C:H, I:H, A:H). Immediate patching or mitigation required to prevent token theft and privilege abuse.