
CVE-2025-11749: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in tigroumeow AI Engine

Severity: Critical
Tags: Vulnerability, CVE-2025-11749, CWE-200
Published: Wed Nov 05 2025 (11/05/2025, 05:31:25 UTC)
Source: CVE Database V5
Vendor/Project: tigroumeow
Product: AI Engine

Description

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.

AI-Powered Analysis (last updated: 11/05/2025, 06:01:44 UTC)

Technical Analysis

CVE-2025-11749 is a critical information-exposure flaw (CWE-200) in the tigroumeow AI Engine plugin for WordPress, affecting all versions up to and including 3.1.3. The plugin exposes an MCP (Model Context Protocol) server through the /mcp/v1/ REST API namespace, and access to that server is meant to be gated by a bearer token. When the 'No-Auth URL' option is enabled, the endpoint answers unauthenticated requests, and the response includes the bearer token itself. Nothing beyond a single GET is needed to obtain it: no credentials, no user interaction, no prior foothold. The token is a reusable credential rather than a session cookie, so whoever holds it can invoke the authenticated MCP operations on behalf of the token's owner; the advisory lists creating a new administrator account among them, which turns token disclosure into full administrative control of the site. The CVSS v3.1 score is 9.8 (network vector, no privileges, no interaction, high impact on confidentiality, integrity and availability). No public exploit had been reported at the time of writing, but the attack is one unauthenticated HTTP request followed by token reuse, so the practical barrier is low and mass scanning of WordPress sites for this endpoint should be expected. The affected range ends at 3.1.3; this page names no fixed release, so confirm the vendor's changelog before treating a later version as safe. Note also that disabling 'No-Auth URL' stops further disclosure but does not invalidate a token that has already been fetched, logged or cached; a token that may have been exposed must be regenerated.
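The chain described above, reduced to a runnable model. This is an added example and is not AI Engine's code; the class, method names, the shape of the settings object and the meaning given to 'No-Auth URL' (the index is reachable without credentials) are my assumptions for illustration, not details from the advisory. The vulnerable index handler echoes its settings object whole, the hardened one strips the secret before serialisation, and `attacker_chain` shows why the difference matters.

```python
import hmac
import secrets
from typing import Optional, Tuple

# Hypothetical model of the CWE-200 pattern, not AI Engine's own code.
# Assumptions (mine, not from the advisory): the MCP index returns its
# settings as JSON, 'No-Auth URL' makes that index reachable without
# credentials, and privileged MCP calls are gated by the bearer token.

FIXED_TOKEN = "7f2c1d9e5b4a3c8d0e1f2a3b4c5d6e7f"  # constructed test value


class McpEndpoint:
    """Minimal stand-in for a WordPress REST namespace like /mcp/v1/."""

    def __init__(self, no_auth_url: bool, bearer_token: Optional[str] = None):
        self.no_auth_url = no_auth_url
        self.bearer_token = bearer_token or secrets.token_hex(16)
        self.users = {"admin": "administrator"}

    def _settings(self) -> dict:
        # Everything the plugin knows about its MCP configuration,
        # including the secret that should never leave the server.
        return {
            "mcp_enabled": True,
            "no_auth_url": self.no_auth_url,
            "bearer_token": self.bearer_token,
        }

    def _authorized(self, headers: dict) -> bool:
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return False
        # Constant-time compare avoids a timing side channel on the token.
        return hmac.compare_digest(auth[len("Bearer "):], self.bearer_token)

    def index_vulnerable(self, headers: dict) -> Tuple[int, dict]:
        """CWE-200 pattern: an anonymous GET gets the settings dict whole."""
        if not self.no_auth_url and not self._authorized(headers):
            return 401, {"error": "unauthorized"}
        return 200, self._settings()

    def index_hardened(self, headers: dict) -> Tuple[int, dict]:
        """Fix: the secret is stripped before serialisation, in every auth mode."""
        if not self.no_auth_url and not self._authorized(headers):
            return 401, {"error": "unauthorized"}
        return 200, {k: v for k, v in self._settings().items() if k != "bearer_token"}

    def create_user(self, headers: dict, login: str, role: str) -> Tuple[int, dict]:
        """Privileged MCP operation; always requires the bearer token."""
        if not self._authorized(headers):
            return 403, {"error": "forbidden"}
        self.users[login] = role
        return 201, {"login": login, "role": role}


def attacker_chain(ep: McpEndpoint, hardened: bool) -> bool:
    """Replays the advisory's chain: fetch the index anonymously, reuse any
    leaked token to create an administrator. True if the new admin exists."""
    index = ep.index_hardened if hardened else ep.index_vulnerable
    status, body = index({})  # no Authorization header at all
    token = body.get("bearer_token") if status == 200 else None
    if not token:
        return False
    status, _ = ep.create_user(
        {"Authorization": f"Bearer {token}"}, "backdoor", "administrator"
    )
    return status == 201 and ep.users.get("backdoor") == "administrator"


if __name__ == "__main__":
    for no_auth in (True, False):
        for hardened in (False, True):
            ep = McpEndpoint(no_auth_url=no_auth, bearer_token=FIXED_TOKEN)
            print(f"no_auth_url={no_auth} hardened={hardened} "
                  f"admin_created={attacker_chain(ep, hardened)}")
```

The point of the hardened handler is that the fix is not "require auth on the index" (that would break the No-Auth URL feature) but "never serialise the credential into any response"; a secret that gates an endpoint has no business appearing in that endpoint's output under any auth mode.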

Potential Impact

The practical outcome is full administrative control of any affected site: an attacker who creates an administrator account can read and alter every post, page and user record, install arbitrary plugins or themes (and therefore run code on the host), deface the site, or stage further payloads for visitors. For European organisations this matters across government, finance, healthcare and e-commerce, where WordPress is common and where a personal-data breach triggers GDPR notification duties and loss of customer trust. Because the attack is unauthenticated, needs no user interaction and is a single HTTP request, it scales: every public WordPress site running the plugin with 'No-Auth URL' enabled is a candidate for automated exploitation. The lack of known in-the-wild exploitation at publication time is a window for proactive defence, not a reason to wait.

Mitigation Recommendations

Inventory first: identify every WordPress installation running the tigroumeow AI Engine plugin and record its version; anything at 3.1.3 or earlier is in the affected range. On those sites, disable the 'No-Auth URL' option, then regenerate the MCP bearer token, because disabling the option does not revoke a token that has already been read. Until a fixed release is confirmed, consider deactivating the plugin or its MCP feature where it is not needed. Restrict the /mcp/v1/ REST namespace at the edge (reverse proxy or WAF) to the source addresses of legitimate MCP clients, keeping in mind that a rule which blocks the namespace outright will also break those clients. Treat any site that had 'No-Auth URL' enabled as potentially compromised: compare the list of administrator accounts against a known-good baseline, review the registration dates of any unexpected accounts, and search access logs for requests to the MCP endpoint from unfamiliar clients. Keep WordPress core, plugins and themes current and subscribe to vulnerability advisories so the fix is applied as soon as it is available. Enforce multi-factor authentication on administrator logins, noting that MFA protects the login form, not API calls made with a leaked token, so it complements token rotation rather than replacing it. Finally, include REST API endpoints, particularly those added by plugins, in recurring penetration tests, since unauthenticated configuration-disclosure endpoints of this kind are a recurring pattern.
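Three of the checks above (version triage, access-log review, administrator audit) in one added script. This is an example written for this page, not a tool from the plugin or the advisory. Assumptions: the REST namespace is served under the usual WordPress prefix at /wp-json/mcp/v1/ (the advisory names only /mcp/v1/), the `/messages` sub-path and all log lines and user records are constructed sample data, logs are in Apache/nginx combined format, and the user list has the shape of `wp user list --format=json` output. Access logs do not record the Authorization header, so the log check is a sequence heuristic (successful anonymous-looking GET of the index, then POSTs into the namespace from the same client), not proof of exploitation.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from typing import Optional

# Added example, not part of the advisory or the plugin. Assumed route:
MCP_PREFIX = "/wp-json/mcp/v1"
LAST_AFFECTED = (3, 1, 3)  # from the advisory: <= 3.1.3 is affected


def parse_version(v: str) -> tuple:
    """'3.1.10' -> (3, 1, 10); a string compare would wrongly rank it below 3.1.3."""
    nums = [int(x) for x in re.findall(r"\d+", v)][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version: str) -> bool:
    return parse_version(version) <= LAST_AFFECTED


LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_mcp_abuse(lines) -> list:
    """Per client IP: a 200 on a GET under the MCP namespace followed by
    2xx POSTs into the same namespace. Heuristic only (see lead-in)."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["path"].startswith(MCP_PREFIX):
            by_ip[rec["ip"]].append(rec)
    findings = []
    for ip, recs in by_ip.items():
        saw_index, posts_after = False, 0
        for r in recs:  # log order is time order
            if r["method"] == "GET" and r["status"] == "200":
                saw_index = True
            elif saw_index and r["method"] == "POST" and r["status"].startswith("2"):
                posts_after += 1
        if saw_index and posts_after:
            findings.append({"ip": ip, "posts_after_index": posts_after, "ua": recs[-1]["ua"]})
    return findings


def admins_registered_since(users: list, since: datetime) -> list:
    """Administrator logins registered at or after `since`, e.g. the earliest
    time 'No-Auth URL' was enabled. Registration times are treated as UTC."""
    out = []
    for u in users:
        reg = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if "administrator" in u["roles"] and reg.replace(tzinfo=timezone.utc) >= since:
            out.append(u["user_login"])
    return out


# Constructed sample data (not real traffic or real users).
SAMPLE_LOG = """\
198.51.100.4 - - [05/Nov/2025:07:10:33 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 8312 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Nov/2025:07:12:01 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [05/Nov/2025:07:12:09 +0000] "POST /wp-json/mcp/v1/messages HTTP/1.1" 200 244 "-" "curl/8.5.0"
203.0.113.7 - - [05/Nov/2025:07:12:15 +0000] "POST /wp-json/mcp/v1/messages HTTP/1.1" 200 198 "-" "curl/8.5.0"
192.0.2.9 - - [05/Nov/2025:07:14:20 +0000] "GET /wp-json/mcp/v1/ HTTP/1.1" 401 61 "-" "python-requests/2.32"
"""

SAMPLE_USERS = [
    {"user_login": "admin", "roles": ["administrator"], "user_registered": "2023-02-11 09:00:00"},
    {"user_login": "editor1", "roles": ["editor"], "user_registered": "2024-06-01 12:00:00"},
    {"user_login": "wp_support", "roles": ["administrator"], "user_registered": "2025-11-05 07:12:16"},
]

if __name__ == "__main__":
    print("3.1.3 affected:", is_affected("3.1.3"), "| 3.1.10 affected:", is_affected("3.1.10"))
    print(find_mcp_abuse(SAMPLE_LOG.splitlines()))
    print(admins_registered_since(SAMPLE_USERS, datetime(2025, 11, 1, tzinfo=timezone.utc)))
```

On a real host, feed `find_mcp_abuse` the web server's access log and `admins_registered_since` the parsed output of `wp user list --role=administrator --fields=user_login,roles,user_registered --format=json`; any hit from either check should be followed by token regeneration and a full review of the account in question, since the log heuristic cannot distinguish a legitimate MCP client from an attacker holding the leaked token.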


Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2025-10-14T15:04:46.388Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690ae4c4c336e58df48942bc

Added to database: 11/5/2025, 5:46:44 AM

Last enriched: 11/5/2025, 6:01:44 AM

Last updated: 11/5/2025, 10:35:17 AM


