June 19, 2025
Severity
High
Analysis Summary
A critical vulnerability, CVE-2025-5071, has been discovered in the WordPress AI Engine plugin, affecting versions 2.8.0 through 2.8.3 and putting over 100,000 websites at risk. This high-severity flaw allows privilege escalation, where even subscriber-level users can gain full administrative control of WordPress sites. The root cause lies in the plugin’s Model Context Protocol (MCP), a feature designed to allow AI agents like ChatGPT and Claude to interact with WordPress. However, due to inadequate authorization checks, attackers can exploit this to execute critical site management commands.
The issue specifically resides in the can_access_mcp() function within the Meow_MWAI_Labs_MCP class, which fails to enforce proper permission validation. As a result, users with minimal access can trigger powerful WordPress operations such as wp_create_user, wp_update_user, and wp_update_option, effectively giving them the ability to completely compromise a site. Fortunately, this vulnerability only impacts installations where the Dev Tools and MCP modules have been manually enabled; both features are disabled by default, which limits the exposed attack surface.
The vulnerability’s exploitation hinges on a flawed implementation of the auth_via_bearer_token() function, where improper handling of empty Bearer tokens allows the function to return a permissive $allow value (true for logged-in users). If the Bearer token is missing or blank, the system mistakenly grants access, enabling unauthorized actions. This bypass forms the technical backbone of the exploit and highlights a serious lapse in token validation logic within the plugin's authentication mechanism.
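To make the described flaw and its fix concrete, the following is an added illustration written for this advisory; it is not code from the AI Engine plugin. The names can_access_mcp and auth_via_bearer_token come from the advisory, but the bodies are a hypothetical reconstruction of the logic it describes (an empty Bearer token falling through to "allow any logged-in user"), placed beside a hardened version that fails closed, requires an administrator capability, and compares the token in constant time. The stubs for is_user_logged_in() and current_user_can() exist only so the file runs outside WordPress; inside WordPress the real functions are used.

```php
<?php
// Added example for CVE-2025-5071 (not the plugin's own code).

// --- Hypothetical stand-ins so the file runs outside WordPress. ---
if ( ! function_exists( 'is_user_logged_in' ) ) {
    function is_user_logged_in(): bool { return $GLOBALS['demo_logged_in'] ?? false; }
}
if ( ! function_exists( 'current_user_can' ) ) {
    function current_user_can( string $cap ): bool { return $GLOBALS['demo_caps'][ $cap ] ?? false; }
}

// Extract the token from an "Authorization: Bearer <token>" header value.
// Returns '' when the header is absent, malformed, or carries no token.
function mcp_extract_bearer_token( string $auth_header ): string {
    return preg_match( '/^Bearer\s+(\S+)$/i', trim( $auth_header ), $m ) ? $m[1] : '';
}

/**
 * Pattern the advisory describes (reconstruction): $allow starts out true for
 * any logged-in user, and an empty token never overrides that default, so a
 * subscriber with no token at all is let through.
 */
function vulnerable_auth_via_bearer_token( string $auth_header, string $expected_token ): bool {
    $allow = is_user_logged_in();
    $token = mcp_extract_bearer_token( $auth_header );
    if ( $token !== '' ) {
        $allow = hash_equals( $expected_token, $token ); // only non-empty tokens are checked
    }
    return $allow; // empty token => permissive default survives
}

/**
 * Hardened form matching the fix the advisory describes: administrator-only
 * access check plus explicit rejection of empty or missing tokens.
 */
function hardened_auth_via_bearer_token( string $auth_header, string $expected_token ): bool {
    // 1. Fail closed unless the caller holds an administrator-level capability.
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        return false;
    }
    // 2. A configured token must exist and the request must present one.
    $token = mcp_extract_bearer_token( $auth_header );
    if ( $expected_token === '' || $token === '' ) {
        return false;
    }
    // 3. Constant-time comparison avoids timing side channels on the token.
    return hash_equals( $expected_token, $token );
}

// Entry point a MCP endpoint would call before executing site-management tools.
function can_access_mcp( string $auth_header, string $expected_token ): bool {
    return hardened_auth_via_bearer_token( $auth_header, $expected_token );
}

// Stand-alone demonstration with a constructed subscriber-like session:
// logged in, but without manage_options.
if ( PHP_SAPI === 'cli' && realpath( $argv[0] ?? '' ) === __FILE__ ) {
    $GLOBALS['demo_logged_in'] = true;
    $GLOBALS['demo_caps']      = [ 'manage_options' => false ];
    $secret = 'constructed-demo-token';

    printf( "vulnerable, no token:      %s\n", var_export( vulnerable_auth_via_bearer_token( '', $secret ), true ) );
    printf( "hardened,   no token:      %s\n", var_export( can_access_mcp( '', $secret ), true ) );
    printf( "hardened,   correct token: %s\n", var_export( can_access_mcp( "Bearer $secret", $secret ), true ) );

    // Same request from an administrator session.
    $GLOBALS['demo_caps'] = [ 'manage_options' => true ];
    printf( "hardened,   admin+token:   %s\n", var_export( can_access_mcp( "Bearer $secret", $secret ), true ) );
}
```

Run it with `php example.php` to see the subscriber session pass the reconstructed check with no token and fail the hardened one even with a valid token; only the administrator session with a valid token is allowed. The two changes that matter are ordering (capability check first, before any token logic) and treating an empty token as a hard failure rather than as "nothing to check".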
The researcher discovered the issue on May 21, 2025, and promptly disclosed it to the vendor. Firewall protections were issued to Response users the next day, with free users receiving the same protection on June 21, 2025. A patch has since been released that enforces administrator-only access checks and adds robust handling of empty token values, closing the authentication loophole. Site administrators using the AI Engine plugin are strongly advised to update immediately and review their MCP settings to ensure site integrity.
Impact
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
CVE-2025-5071
Affected Vendors
- WordPress
Remediation
- Update immediately to the latest version of the AI Engine plugin, where the vulnerability is patched.
- Disable Dev Tools and MCP Module unless absolutely necessary, as the vulnerability only affects sites with these features enabled.
- Review User Roles and remove any unnecessary subscriber or low-privilege accounts that could be exploited.
- Enforce Strong Authentication for all user accounts, especially those with administrative access.
- Enable a Web Application Firewall (WAF), such as Wordfence, and ensure it is updated with the latest threat rules.
- Audit Activity Logs for any signs of unauthorized access or privilege escalation.
- Remove Unused Plugins and minimize attack surface by disabling or uninstalling unused features.
- Implement Role-Based Access Control (RBAC) and verify that plugin features are only accessible to trusted roles.
- Restore from Backup if compromise is suspected, and change all WordPress admin passwords post-restoration.
- Monitor for Future Updates from the plugin developer and subscribe to security advisories for early warnings.
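The "Audit Activity Logs" step above assumes something is producing those logs. WordPress core does not record user creation, role changes, or option writes by itself, so the following is an added example of a small must-use plugin that does, written for this advisory and not part of AI Engine or any vendor product. It hooks the core actions that wp_create_user, wp_update_user, and wp_update_option fire (user_register, set_user_role, updated_option), writes one line per event to the PHP error log, and raises an ALERT line when the acting account lacks the capability that should have been required. That last condition is exactly the signature of the escalation path described in this advisory: an administrator being created or granted by a subscriber-level session. The file name, log prefix, and the list of sensitive options are choices made for this example.

```php
<?php
/**
 * Plugin Name: Privilege Change Audit (added example)
 * Description: Logs account creation, role changes and sensitive option writes,
 *              flagging any performed by an actor without the proper capability.
 * Hypothetical must-use plugin. Save as wp-content/mu-plugins/priv-change-audit.php
 * so it loads on every request, including REST API requests used by MCP tooling.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Options whose modification can hand out access or redirect the site.
const PCA_SENSITIVE_OPTIONS = [
    'users_can_register', 'default_role', 'admin_email',
    'siteurl', 'home', 'active_plugins',
];

// Who is acting, over which entry point, and on which URI.
function pca_context(): string {
    $actor = get_current_user_id();
    $via   = ( defined( 'REST_REQUEST' ) && REST_REQUEST ) ? 'rest' : 'web';
    $uri   = isset( $_SERVER['REQUEST_URI'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) )
        : '';
    return sprintf( 'actor=%d via=%s uri=%s', $actor, $via, $uri );
}

function pca_log( string $event, string $detail ): void {
    error_log( sprintf( '[priv-audit] %s %s %s', $event, $detail, pca_context() ) );
}

// Fires after wp_create_user / wp_insert_user completes.
add_action( 'user_register', function ( int $user_id ): void {
    $user  = get_userdata( $user_id );
    $roles = $user ? (array) $user->roles : [];
    pca_log( 'user_register', sprintf( 'user_id=%d roles=%s', $user_id, implode( ',', $roles ) ) );
    if ( in_array( 'administrator', $roles, true ) && ! current_user_can( 'create_users' ) ) {
        pca_log( 'ALERT', "administrator account created by actor without create_users user_id=$user_id" );
    }
}, 10, 1 );

// Fires when wp_update_user (or WP_User::set_role) changes a role.
add_action( 'set_user_role', function ( int $user_id, string $role, array $old_roles ): void {
    pca_log( 'set_user_role', sprintf( 'user_id=%d new=%s old=%s', $user_id, $role, implode( ',', $old_roles ) ) );
    if ( 'administrator' === $role && ! current_user_can( 'promote_users' ) ) {
        pca_log( 'ALERT', "administrator role granted by actor without promote_users user_id=$user_id" );
    }
}, 10, 3 );

// Fires after wp_update_option changes a stored value.
add_action( 'updated_option', function ( string $option, $old_value, $new_value ): void {
    if ( ! in_array( $option, PCA_SENSITIVE_OPTIONS, true ) ) {
        return;
    }
    pca_log( 'updated_option', sprintf(
        'option=%s old=%s new=%s',
        $option,
        wp_json_encode( $old_value ),
        wp_json_encode( $new_value )
    ) );
    if ( ! current_user_can( 'manage_options' ) ) {
        pca_log( 'ALERT', "sensitive option changed by actor without manage_options option=$option" );
    }
}, 10, 3 );
```

With WP_DEBUG_LOG enabled the lines land in wp-content/debug.log; otherwise they go wherever PHP's error_log is pointed. Forward that file to your SIEM and alert on the `[priv-audit] ALERT` prefix. The capability checks are evaluated in the context of the request that triggered the hook, so a subscriber session reaching wp_create_user through an unauthenticated MCP path is flagged even though the call itself succeeded.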