{"vulnerability": "CVE-2025-5071", "sightings": [{"uuid": "043bf2a9-da7d-4793-92a3-1a1f045fce0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5071", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lrwr2u6unv2o", "content": "", "creation_timestamp": "2025-06-19T05:09:56.677285Z"}, {"uuid": "f737dd53-4cba-4abc-851b-42a5665d0863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5071", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrxlslnpsh2v", "content": "", "creation_timestamp": "2025-06-19T13:08:30.356938Z"}, {"uuid": "48b23a07-dd67-48ae-98e4-e5e1478f6549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5071", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18844", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5071\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.\n\ud83d\udccf Published: 2025-06-19T09:23:47.875Z\n\ud83d\udccf Modified: 2025-06-19T09:23:47.875Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve\n2. https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.1/labs/mcp.php#L43\n3. https://plugins.trac.wordpress.org/changeset/3313554/ai-engine#file21", "creation_timestamp": "2025-06-19T09:43:36.000000Z"}]}