AI Engine - Information Disclosure (CVE-2025-11749)

CVE-2025-11749 is a critical vulnerability in the AI Engine WordPress plugin that exposes sensitive bearer tokens through the /mcp/v1/ REST API endpoint when 'No-Auth URL' is enabled. This flaw allows unauthenticated attackers to extract valid session tokens, potentially leading to privilege escalation, such as creating new administrator accounts and taking full control of the affected WordPress site.

CrowdSec has been tracking this vulnerability and its exploits since 26th of November 2025.

Data from the CrowdSec community indicates that exploitation of CVE-2025-11749 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-11749 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-11749 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit unauthenticated requests to the /wp-json/mcp/v1 REST API endpoint, which exposes sensitive bearer tokens and related information when the No-Auth URL feature is enabled in the AI Engine WordPress plugin.