PatchSiren

tigroumeow CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH tigroumeow CVE published 2026-05-17

CVE-2026-8719

CVE-2026-8719 is a privilege-escalation flaw in the AI Engine WordPress plugin’s MCP OAuth authorization flow. The issue stems from missing WordPress capability enforcement: if a requester presents any valid OAuth bearer token, MCP access is granted without confirming administrator-level privileges. In practical terms, authenticated users at Subscriber level or above may be able to invoke admin-level MCP [truncated]