cleantalk
Vulnerabilities and Security Researches

AI Engine, CVE-2026-8719

CVE, Research URL

CVE-2026-8719

Home page URL

Security reports for AI Engine

Application

AI Engine

Published on
May 17, 2026
Research Description
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifying administrator privileges. This makes it possible for authenticated (Subscriber+) attackers to invoke admin-level MCP tools and escalate privileges to Administrator.
Affected versions
max 3.5.0.
Status
vulnerable
Previous vulnerability researches
Direct Checkout for WooCommerce , Apr 28, 2026
New vulnerability
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-8912) , May 20, 2026
Cookie Law Bar (CVE-2021-47957) , May 20, 2026
WordPress Infinite Scroll – Ajax Load More (CVE-2026-6495) , May 20, 2026
AI Engine (CVE-2025-8084) , May 20, 2026
AI Engine (CVE-2026-8719) , May 20, 2026