AI Engine – The Chatbot, AI Framework & MCP for WordPress (CVE-2026-8719)

Security Alert Summary

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin contains a privilege escalation vulnerability in version 3.4.9. A missing capability check in the MCP OAuth bearer-token authorization path can grant MCP access when any valid OAuth token is presented, allowing authenticated low-privilege users to invoke admin-level MCP tools and escalate to Administrator.

CVE Details

  • CVE ID: CVE-2026-8719
  • Affected component: AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin (MCP component)
  • Affected versions: 3.4.9
  • Published: May 17, 2026 at 04:16:42 AM
  • Last modified: May 17, 2026 at 04:16:42 AM
  • CVSS v3.1: Base Score 8.8, Severity HIGH
  • CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Authentication / privileges / user interaction: Attack requires authentication with low privileges (PR:L). No user interaction is required (UI:N). Attack vector is network (AV:N) and attack complexity is low (AC:L).
  • Primary impact: Confidentiality: High; Integrity: High; Availability: High
  • Weakness (CWE): CWE-269 (Improper Privilege Management)

Technical Details

The vulnerability is caused by missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path. Specifically, the authorization logic grants MCP access when presented with any valid OAuth bearer token without verifying that the token holder has administrator privileges.

Because the check for administrator capabilities is absent in that authorization path, authenticated users with Subscriber-level and higher accounts can obtain MCP access and invoke admin-level MCP tools. The description indicates the issue is limited to the MCP OAuth bearer-token authorization path and the associated MCP access control checks.

Impact observed in the report is privilege escalation to Administrator for authenticated low-privileged users, enabling actions that require administrative capabilities. The description does not name additional endpoints or functions beyond the MCP OAuth bearer-token authorization path and MCP tools.
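To make the missing check concrete, the following is an added illustration written for this page, not the AI Engine plugin's own code: a bearer-token authorization path that accepts any valid token, beside one that also enforces a WordPress capability on the token's owner. `lookup_oauth_token()` is a hypothetical helper standing in for whatever token storage a plugin uses; the WordPress functions (`get_user_by`, `user_can`, `wp_set_current_user`, `WP_Error`) are real core APIs.

```php
<?php
// Added illustration, not the AI Engine plugin's code.
// Hypothetical helper (assumed): returns ['user_id' => int, 'expires' => int]
// for a known token, or null for an unknown one.
function lookup_oauth_token( string $bearer ): ?array {
    $constructed = array( 'tok_subscriber' => array( 'user_id' => 42, 'expires' => PHP_INT_MAX ) );
    return $constructed[ $bearer ] ?? null;
}

// Weak pattern, the class of flaw described above: token validity alone grants MCP access.
function mcp_authorize_weak( string $bearer ) {
    $token = lookup_oauth_token( $bearer );
    if ( $token === null || $token['expires'] < time() ) {
        return new WP_Error( 'mcp_unauthorized', 'Invalid or expired token', array( 'status' => 401 ) );
    }
    wp_set_current_user( $token['user_id'] );
    return true; // Nothing asks whether user 42 may use admin-level tools.
}

// Hardened pattern: bind the token to its owner and require a capability on that owner
// before any admin-level MCP tool is reachable.
function mcp_authorize_hardened( string $bearer, string $required_cap = 'manage_options' ) {
    $token = lookup_oauth_token( $bearer );
    if ( $token === null || $token['expires'] < time() ) {
        return new WP_Error( 'mcp_unauthorized', 'Invalid or expired token', array( 'status' => 401 ) );
    }
    $user = get_user_by( 'id', $token['user_id'] );
    if ( ! $user ) {
        return new WP_Error( 'mcp_unauthorized', 'Token owner no longer exists', array( 'status' => 401 ) );
    }
    // Capability check on the token owner, not merely on the token's validity.
    if ( ! user_can( $user, $required_cap ) ) {
        return new WP_Error( 'mcp_forbidden', 'Insufficient privileges for MCP admin tools', array( 'status' => 403 ) );
    }
    wp_set_current_user( $user->ID );
    return true;
}

// Each admin-level tool should still re-check at the point of use, e.g.:
//   if ( ! current_user_can( 'manage_options' ) ) { return new WP_Error( 'mcp_forbidden', ... ); }
```

A Subscriber-level token holder (user 42 above) passes the weak function but receives a 403 from the hardened one, which is the distinction the advisory describes.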

How This Could Impact Your Website

On a typical WordPress site, this vulnerability could let an authenticated contributor, contractor, or other low-privilege user gain administrative MCP access. For example, an external contractor with a Subscriber-level or higher account could use a valid OAuth token to reach MCP admin tools they should not see, and then escalate their role to Administrator.

Practical consequences include exposure of internal user data, including email addresses, and a higher risk of targeted phishing or social engineering against staff and contributors. An attacker with escalated administrator privileges could also modify site settings or plugins, increasing the potential for further compromise.

If you’re unsure whether your site is affected or how to assess your current user roles and plugins, it may be worth having a professional review of your setup.

Recommended Actions

  • Update the affected plugin as soon as a patched version is available.
  • Review and reduce unnecessary user roles and capabilities, especially for contributors and low-privilege accounts.
  • Enforce strong passwords and enable two-factor authentication for editor and administrator accounts.
  • Remove unused or unmaintained plugins and components that expose additional authorization paths.
  • Monitor site activity and logs for unusual behavior, such as unexpected role changes or new administrative actions from non-admin accounts.

If you’d like help reviewing your plugins, user roles, or overall WordPress security posture, our team at Freshy is happy to help.
