PatchSiren cyber security CVE debrief

CVE-2026-8719 tigroumeow CVE debrief

CVE-2026-8719 is a privilege-escalation flaw in the AI Engine WordPress plugin’s MCP OAuth authorization flow. The issue stems from missing WordPress capability enforcement: if a requester presents any valid OAuth bearer token, MCP access is granted without confirming administrator-level privileges. In practical terms, authenticated users at Subscriber level or above may be able to invoke admin-level MCP tools and elevate themselves to Administrator. The CVSS score is 8.8 (High).

Vendor: tigroumeow
Product: AI Engine – The Chatbot, AI Framework & MCP for WordPress
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-17
Original CVE updated: 2026-05-18
Advisory published: 2026-05-17
Advisory updated: 2026-05-18

Who should care

WordPress site owners and administrators running the AI Engine plugin, especially on sites that allow Subscriber-level or higher user accounts or that expose the plugin's MCP/OAuth functionality. Security teams should also care if the site uses the plugin for automation or exposes admin-like tools through MCP.

Technical summary

NVD records the vulnerability as CVE-2026-8719 with CVSS v3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and weakness classification CWE-269. The Wordfence-referenced description indicates that in AI Engine 3.4.9, the MCP OAuth bearer-token authorization path did not enforce the WordPress capability check required to distinguish ordinary authenticated users from administrators. Because access was granted on the basis of a valid OAuth token alone, an authenticated lower-privilege user could reach MCP tools intended for admins and escalate privileges.
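The missing check described above, as an added example of the authorization pattern (this is illustrative code, not the AI Engine plugin's own): a bearer-token gate that trusts any valid token beside one that also requires a WordPress capability before MCP tools are reachable. The token store, the route name and the choice of the manage_options capability as the administrator test are assumptions.

```php
<?php
// Illustrative MCP authorization gate for a WordPress REST endpoint that accepts OAuth
// bearer tokens. Added example of the check the debrief describes as missing; it is NOT
// the AI Engine plugin's code. 'manage_options' is assumed as the Administrator capability.

// Hypothetical token store, constructed for this example: bearer token => WordPress user ID.
function validate_oauth_bearer_token( string $token ): int {
    $issued = array( 'tok-subscriber-example' => 42, 'tok-admin-example' => 1 );
    return isset( $issued[ $token ] ) ? $issued[ $token ] : 0;
}

// Weak pattern: a valid token alone grants MCP access (the CWE-269 condition in the debrief).
function mcp_authorize_weak( string $bearer_token ): bool {
    $user_id = validate_oauth_bearer_token( $bearer_token );
    return $user_id > 0; // any authenticated user passes, a Subscriber included
}

// Hardened pattern: the token only identifies the user; the WordPress capability decides.
function mcp_authorize_hardened( string $bearer_token, string $required_cap = 'manage_options' ): bool {
    $user_id = validate_oauth_bearer_token( $bearer_token );
    if ( $user_id <= 0 ) {
        return false; // invalid or expired token
    }
    // Evaluate the capability against the user the token was issued to, not any cookie session.
    if ( ! user_can( $user_id, $required_cap ) ) {
        // Denied attempts feed the audit trail recommended under defensive actions.
        error_log( sprintf( 'MCP access denied for user %d: missing capability %s', $user_id, $required_cap ) );
        return false;
    }
    return true;
}

// Wiring the hardened gate in as the REST permission callback (hypothetical route name).
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-mcp/v1', '/tools', array(
        'methods'             => 'POST',
        'callback'            => '__return_empty_array', // placeholder; real tool dispatch goes here
        'permission_callback' => function ( WP_REST_Request $request ) {
            $auth = $request->get_header( 'authorization' );
            if ( ! $auth || stripos( $auth, 'Bearer ' ) !== 0 ) {
                return new WP_Error( 'rest_forbidden', 'Missing bearer token', array( 'status' => 401 ) );
            }
            $token = trim( substr( $auth, 7 ) );
            return mcp_authorize_hardened( $token )
                ? true
                : new WP_Error( 'rest_forbidden', 'Insufficient capability', array( 'status' => 403 ) );
        },
    ) );
} );
```

With the constructed store, the Subscriber token passes mcp_authorize_weak but is rejected by mcp_authorize_hardened, which is the distinction the fix referenced by the changeset is described as restoring.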

Defensive priority

High. This is an authenticated privilege-escalation issue with direct administrative impact, low attack complexity, and no user interaction required. If the plugin is present and MCP/OAuth features are enabled, remediation should be treated as urgent.

Recommended defensive actions

  • Update the AI Engine plugin to a version that includes the capability-enforcement fix referenced by the WordPress changeset.
  • Review any authenticated user roles on affected WordPress sites, especially Subscriber and other low-privilege accounts.
  • Temporarily disable MCP or OAuth access paths if patching cannot be completed immediately.
  • Audit WordPress administrative accounts and recent privilege changes for signs of unauthorized escalation.
  • Check plugin logs and site activity for unexpected MCP tool usage from non-administrative users.

Evidence notes

Primary evidence comes from the NVD record for CVE-2026-8719 and the Wordfence-referenced sources listed there. The NVD entry identifies the weakness as CWE-269 and includes the vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The referenced WordPress plugin changeset and Wordfence advisory support the description that missing capability enforcement in the MCP OAuth bearer-token path allows authenticated users to gain elevated access.

Official resources

Publicly disclosed in the NVD record on 2026-05-17. The NVD entry cites Wordfence references and a WordPress plugin changeset as supporting source material.