← back to popular plugins
wordfence / plugin · ai-engine

AI Engine – The Chatbot, AI Framework & MCP for WordPress

ai-engine
total installs
100,000
total vulns
13
critical
1
high
7
medium
5
low
0
latest vuln
patched
13
unpatched
0
avg time to patch
vulnerabilities (13)
AI Engine 3.4.9 - Authenticated (Subscriber+) Privilege Escalation via Missing Authorization in MCP OAuth Bearer Token
high ✓ patched
cve id CVE-2026-8719 ↗
cvss score 8.8
cwe CWE-269: Improper Privilege Management
published May 16, 2026
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifying administrator privileges. This makes it possible for authenticated (Subscriber+) attackers to invoke admin-level MCP tools and escalate privileges to Administrator.
AI Engine – The Chatbot, AI Framework & MCP for WordPress <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload
high ✓ patched
cve id CVE-2026-23802 ↗
cvss score 7.2
cwe CWE-434: Unrestricted Upload of File with Dangerous Type
published Feb 25, 2026
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint
high ✓ patched
cve id CVE-2026-1400 ↗
cvss score 7.2
cwe CWE-434: Unrestricted Upload of File with Dangerous Type
published Jan 27, 2026
The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata` function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The attacker can upload a benign image file, then use the `update_media_metadata` endpoint to rename it to a PHP file, creating an executable PHP file in the uploads directory.
AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery
medium ✓ patched
cve id CVE-2026-0746 ↗
cvss score 6.4
cwe CWE-918: Server-Side Request Forgery (SSRF)
published Jan 27, 2026
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services, if "Public API" is enabled in the plugin settings, and 'allow_url_fopen' is set to 'On' on the server.
AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery
medium ✓ patched
cve id CVE-2025-8084 ↗
cvss score 6.8
cwe CWE-918: Server-Side Request Forgery (SSRF)
published Nov 18, 2025
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieving.
AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization
high ✓ patched
cve id CVE-2025-12844 ↗
cvss score 7.1
cwe CWE-502: Deserialization of Untrusted Data
published Nov 12, 2025
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'rest_simpleTranscribeAudio' and 'rest_simpleVisionQuery' functions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
critical ✓ patched
cve id CVE-2025-11749 ↗
cvss score 9.8
cwe CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
published Nov 4, 2025
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.
Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion
medium ✓ patched
cve id CVE-2025-8268 ↗
cvss score 6.5
cwe CWE-862: Missing Authorization
published Sep 3, 2025
The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.
AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload
high ✓ patched
cve id CVE-2025-7847 ↗
cvss score 8.8
cwe CWE-434: Unrestricted Upload of File with Dangerous Type
published Jul 30, 2025
The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server when the REST API is enabled, which may make remote code execution possible.
AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
medium ✓ patched
cve id CVE-2025-7780 ↗
cvss score 6.5
cwe CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
published Jul 23, 2025
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling get_audio(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to read any file on the web server and exfiltrate it via the plugin’s OpenAI API integration.
AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter
medium ✓ patched
cve id CVE-2025-5570 ↗
cvss score 5.4
cwe CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
published Jul 7, 2025
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Engine 2.8.4 - Insecure OAuth Implementation
high ✓ patched
cve id CVE-2025-6238 ↗
cvss score 8.0
cwe CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
published Jul 3, 2025
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: OAuth is disabled, the 'Meow_MWAI_Labs_OAuth' class is not loaded in the plugin in the patched version 2.8.5.
AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP
high ✓ patched
cve id CVE-2025-5071 ↗
cvss score 8.8
cwe CWE-863: Incorrect Authorization
published Jun 18, 2025
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.