
CVE-2025-11749: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in tigroumeow AI Engine

Critical
Published: Wed Nov 05 2025 (11/05/2025, 05:31:25 UTC)
Source: CVE Database V5
Vendor/Project: tigroumeow
Product: AI Engine

Description

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.

AI-Powered Analysis

Last updated: 11/12/2025, 06:04:20 UTC

Technical Analysis

CVE-2025-11749 is a critical vulnerability in the tigroumeow AI Engine plugin for WordPress, affecting all versions up to and including 3.1.3. It is an information-disclosure flaw (CWE-200, Exposure of Sensitive Information to an Unauthorized Actor): when the plugin's 'No-Auth URL' option is enabled, the /mcp/v1/ REST API endpoint returns the plugin's 'Bearer Token' value to any requester, with no authentication required. The option exists so that MCP clients can reach the endpoint without presenting the token, but enabling it also discloses the token itself. That token is a static API credential rather than a short-lived session cookie, so requests that carry it are processed with whatever privileges the plugin attaches to it; per the CVE description that is enough to create a new administrator account, which means a leaked token converts directly into full control of the site and compromises confidentiality, integrity and availability. Exploitation needs no authentication, no user interaction and only network reachability of the site, and the assigned CVSS v3.1 base score is 9.8 (Critical). At the time of this analysis no in-the-wild exploitation had been reported, but a single unauthenticated request against a known path is trivial to automate. The record was reserved on October 14, 2025 and published on November 5, 2025. No patch is linked from this record, so operators must rely on disabling the feature until they have confirmed a fixed plugin version. Note that a configuration change only stops further disclosure: any token that was retrievable while the option was enabled has to be assumed compromised and rotated.

Potential Impact

For European organizations the exposure is severe wherever a WordPress site runs the tigroumeow AI Engine plugin with 'No-Auth URL' enabled. A leaked bearer token gives an attacker administrative control of the site: they can alter content, read stored data, plant malware or web shells, and use the site as a foothold for further intrusion into connected systems. The consequences range from personal-data breaches (with GDPR notification and penalty exposure) and theft of intellectual property to reputational damage and service disruption. WordPress is widely deployed across Europe and AI-assisted plugins are being adopted quickly, so the affected population is not small; public-facing corporate sites, e-commerce platforms and government portals using this plugin are the obvious targets. Because no credentials or user interaction are needed, perimeter controls do not help once the site itself is reachable from the internet with the vulnerable configuration, and the flaw lends itself to automated, indiscriminate scanning rather than targeted attacks.

Mitigation Recommendations

1. Disable the 'No-Auth URL' option in the AI Engine plugin settings immediately; with it off, the /mcp/v1/ endpoint no longer returns the bearer token to unauthenticated callers.
2. Treat any bearer token that was reachable while the option was enabled as compromised: regenerate it in the plugin settings (where the plugin offers this) and update the MCP clients that legitimately use it.
3. Review web server and WordPress REST API access logs for requests to paths containing /mcp/v1/ (including the ?rest_route= form) from unexpected source addresses, paying particular attention to 2xx responses in the window before the option was disabled.
4. Restrict the MCP endpoint at the network edge: allowlist the source addresses of legitimate MCP clients in the reverse proxy or WAF and block all other requests to /mcp/v1/.
5. Update the plugin as soon as the vendor publishes a release that fixes this issue. The underlying fix, never echoing a credential in an API response, is the vendor's to make; there is no application-level workaround beyond disabling the feature.
6. Audit WordPress accounts and roles on affected sites for administrators created or promoted after the exposure window and remove them; also check for other persistence such as modified plugin files or unexpected scheduled tasks.
7. Make site administrators aware of what 'No-Auth URL' exposes and require review before it is enabled.
8. Feed the access-log detections above into existing SIEM or EDR tooling so that repeated /mcp/v1/ probing from unknown sources raises an alert.
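The log-review and account-audit recommendations above can be scripted. The following is an added example, not code from this advisory or from the AI Engine plugin: it assumes access logs in Combined Log Format and a user export shaped like the output of `wp user list --fields=ID,user_login,user_registered,roles --format=json` (roles as a comma-separated string); the log lines and user records embedded below are constructed for the demonstration.

```python
"""Hunt for CVE-2025-11749 activity in access logs and WordPress user lists.

Added example, not code from the advisory or the AI Engine plugin. Assumes
Combined Log Format access logs and a user export shaped like
`wp user list --fields=ID,user_login,user_registered,roles --format=json`.
All sample data below is constructed.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Combined Log Format: ip ident user [time] "method path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# The plugin's MCP namespace, reached as /wp-json/mcp/v1/... or via the
# ?rest_route=/mcp/v1/... fallback (often URL-encoded) used without pretty permalinks.
MCP_PATH_RE = re.compile(r'/mcp/v1/|rest_route=(?:%2F|/)mcp(?:%2F|/)v1', re.IGNORECASE)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_mcp_hits(lines, allowlist=()):
    """Group requests to the MCP endpoint by source IP, skipping allowlisted CIDRs.

    Access logs cannot distinguish authenticated from unauthenticated calls, so the
    source address (legitimate MCP clients vs. everyone else) is the discriminator.
    """
    nets = [ip_network(n) for n in allowlist]
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not MCP_PATH_RE.search(rec["path"]):
            continue
        if any(ip_address(rec["ip"]) in net for net in nets):
            continue
        hits[rec["ip"]].append(rec)
    return dict(hits)


def summarize(hits):
    """Per-IP triage view: request count, how many got a 2xx, and the time window."""
    return {
        ip: {
            "requests": len(recs),
            "succeeded": sum(1 for r in recs if 200 <= r["status"] < 300),
            "first_seen": min(r["ts"] for r in recs).isoformat(),
            "last_seen": max(r["ts"] for r in recs).isoformat(),
        }
        for ip, recs in hits.items()
    }


def suspicious_admins(users, since_iso):
    """Logins of administrator accounts registered at or after `since_iso` (UTC)."""
    since = datetime.fromisoformat(since_iso).replace(tzinfo=timezone.utc)
    flagged = []
    for u in users:
        roles = u.get("roles", "")
        roles = roles.split(",") if isinstance(roles, str) else list(roles)
        if "administrator" not in roles:
            continue
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered.replace(tzinfo=timezone.utc) >= since:
            flagged.append(u["user_login"])
    return flagged


# Constructed samples: 203.0.113.7 probes the endpoint twice and gets 200 both times,
# 198.51.100.20 is rejected, 10.0.0.5 is an internal MCP client, 192.0.2.9 is unrelated.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Nov/2025:22:14:03 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 200 512 "-" "python-requests/2.32"
203.0.113.7 - - [04/Nov/2025:22:14:05 +0000] "POST /wp-json/mcp/v1/ HTTP/1.1" 200 211 "-" "python-requests/2.32"
198.51.100.20 - - [04/Nov/2025:22:20:41 +0000] "GET /index.php?rest_route=%2Fmcp%2Fv1%2F HTTP/1.1" 401 89 "-" "curl/8.5.0"
10.0.0.5 - - [04/Nov/2025:23:00:00 +0000] "POST /wp-json/mcp/v1/ HTTP/1.1" 200 640 "-" "internal-mcp-client/1.0"
192.0.2.9 - - [04/Nov/2025:23:01:12 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

SAMPLE_USERS = [  # constructed; shape of `wp user list --format=json`
    {"ID": 1, "user_login": "admin", "user_registered": "2023-02-01 10:00:00", "roles": "administrator"},
    {"ID": 42, "user_login": "wp_support", "user_registered": "2025-11-04 22:14:09", "roles": "administrator"},
    {"ID": 43, "user_login": "writer", "user_registered": "2025-11-04 22:30:00", "roles": "editor"},
]


def demo():
    """Run both checks on the constructed samples and return the findings."""
    hits = find_mcp_hits(SAMPLE_LOG.splitlines(), allowlist=["10.0.0.0/8"])
    return {"mcp_sources": summarize(hits),
            "new_admins": suspicious_admins(SAMPLE_USERS, "2025-11-01T00:00:00")}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On the constructed data the script reports 203.0.113.7 with two successful hits on the endpoint shortly before the administrator account wp_support was registered, which is exactly the sequence the advisory describes; a 401 from 198.51.100.20 is still worth noting as a probe. Run it against real logs by replacing SAMPLE_LOG with the file contents and the allowlist with the addresses of your own MCP clients.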


Technical Details

Data Version
5.2
Assigner Short Name
Wordfence
Date Reserved
2025-10-14T15:04:46.388Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 690ae4c4c336e58df48942bc

Added to database: 11/5/2025, 5:46:44 AM

Last enriched: 11/12/2025, 6:04:20 AM

Last updated: 12/20/2025, 12:49:10 PM

