CVE-2026-8719: WordPress AI Engine Plugin Privilege Escalation

/HIGH /CVSS 8.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severityprivilege-escalationcwe-269
CVE-2026-8719: WordPress AI Engine Plugin Privilege Escalation

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin, specifically version 3.4.9, is vulnerable to a critical privilege escalation. The National Vulnerability Database reports a CVSS score of 8.8 (High) for CVE-2026-8719, highlighting its severity.

This flaw stems from a fundamental design oversight: the plugin’s MCP OAuth bearer-token authorization path fails to enforce proper WordPress capability checks. Any valid OAuth token, even from a low-privileged subscriber, grants full MCP access without verifying administrator rights. This effectively allows authenticated attackers to invoke admin-level tools and escalate their privileges to Administrator.

For defenders, this is a clear and present danger. It’s not about exploiting a complex bug; it’s about a broken authorization model. Any attacker with a valid subscriber account on a vulnerable WordPress site can bypass security controls and gain full administrative access. The attacker’s calculus is simple: get a low-privilege account, exploit this, and own the site.

What This Means For You

  • If your organization uses the AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin, immediately check your version. If you're on 3.4.9 or an earlier vulnerable version, prioritize patching or disable the plugin until a fix is deployed. Audit your WordPress user logs for any suspicious activity, especially related to the MCP interface, and review OAuth token issuance.

Related ATT&CK Techniques

T1078.004 Abuse Elevation Control Mechanism: Sudo and Operating System Roles Privilege Escalation T1068 Exploitation for Privilege Escalation Privilege Escalation

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1068 Privilege Escalation

CVE-2026-8719: WordPress AI Engine Plugin Unauthorized Admin Access via OAuth

Sigma YAML — free preview 
title: CVE-2026-8719: WordPress AI Engine Plugin Unauthorized Admin Access via OAuth
id: scw-2026-05-17-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-8719 by triggering the MCP OAuth bearer-token authorization path in the WordPress AI Engine plugin. This path is vulnerable to privilege escalation because it grants MCP access without verifying administrator privileges, allowing authenticated subscribers to invoke admin-level tools. This rule specifically looks for the 'action=mcp_oauth_bearer_token' parameter within the admin-ajax.php endpoint, which is the entry point for this vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-17
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-8719/
tags:
  - attack.privilege_escalation
  - attack.t1068
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/wp-admin/admin-ajax.php'
      cs-uri-query|contains:
          - 'action=mcp_oauth_bearer_token'
      sc-status|exact: [
          200
      ]
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-8719 Privilege Escalation AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin
CVE-2026-8719 Privilege Escalation WordPress plugin version 3.4.9
CVE-2026-8719 Privilege Escalation Missing WordPress capability enforcement in MCP OAuth bearer-token authorization path
CVE-2026-8719 Privilege Escalation Authenticated (Subscriber+) attackers can invoke admin-level MCP tools

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 17, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-8733 — Investintech SlimPDFReader Buffer Overflow

CVE-2026-8733 — A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The...

vulnerabilityCVEmedium-severitybuffer-overflowcwe-119cwe-121
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 2 Sigma

CVE-2026-8731 — Open5GS Denial of Service

CVE-2026-8731 — A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF....

vulnerabilityCVEmedium-severitydenial-of-servicecwe-404
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 1 Sigma

CVE-2026-8730 — Open5GS Denial of Service

CVE-2026-8730 — A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF....

vulnerabilityCVEmedium-severitydenial-of-servicecwe-404
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 2 Sigma