CVE-2025-11749 is a critical security vulnerability identified in the tigroumeow AI Engine plugin for WordPress, affecting all versions up to and including 3.1.3. The vulnerability stems from improper exposure of sensitive information—specifically, the Bearer Token—via the /mcp/v1/ REST API endpoint when the 'No-Auth URL' configuration is enabled. This endpoint inadvertently returns the Bearer Token to unauthenticated requests, violating the principle of least privilege and exposing session credentials to unauthorized actors. The Bearer Token is a critical authentication token that, if compromised, allows attackers to impersonate legitimate users and perform actions with their privileges. Exploiting this vulnerability requires no authentication or user interaction, making it trivially exploitable remotely over the network. Once an attacker obtains the token, they can create new administrator accounts, effectively escalating privileges and gaining full control over the WordPress site. This leads to a complete compromise of confidentiality, integrity, and availability of the affected system. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and has been assigned a CVSS v3.1 base score of 9.8, indicating critical severity. Although no known exploits are currently reported in the wild, the ease of exploitation and potential impact make this a high-risk vulnerability. The lack of an available patch at the time of reporting necessitates immediate mitigation steps by administrators. The vulnerability affects a widely used WordPress plugin, increasing the potential attack surface across numerous websites globally.

The impact of CVE-2025-11749 is severe for organizations using the tigroumeow AI Engine plugin on WordPress sites. Unauthorized disclosure of the Bearer Token allows attackers to bypass authentication controls and gain administrative access. This can lead to full site compromise, including data theft, website defacement, insertion of malicious code or backdoors, and disruption of services. The ability to create new administrator accounts enables persistent access and lateral movement within the affected environment. For organizations relying on WordPress for business-critical websites, e-commerce, or customer portals, this vulnerability threatens confidentiality of sensitive data, integrity of content, and availability of services. Additionally, compromised sites can be used as launchpads for further attacks such as phishing, malware distribution, or as part of botnets. The widespread use of WordPress and popularity of AI Engine plugin increases the scale of potential impact globally. The vulnerability also poses reputational and compliance risks, especially for organizations subject to data protection regulations.

To mitigate CVE-2025-11749, organizations should immediately disable the 'No-Auth URL' feature in the tigroumeow AI Engine plugin configuration to prevent unauthorized access to the Bearer Token via the REST API. Administrators should monitor and restrict access to the /mcp/v1/ REST API endpoint using web application firewalls (WAFs) or access control rules to block unauthenticated requests. It is critical to apply any available patches or updates from the vendor as soon as they are released. In the absence of a patch, consider temporarily removing or deactivating the AI Engine plugin if feasible. Conduct thorough audits of user accounts to detect unauthorized administrator accounts and revoke suspicious sessions or tokens. Implement logging and monitoring to detect anomalous API access patterns. Employ strong authentication and session management practices to limit token exposure. Educate site administrators about the risks of enabling 'No-Auth URL' features and encourage minimal exposure of sensitive API endpoints. Regularly back up website data and configurations to enable recovery in case of compromise.