Security Advisory

CVE-2025-6238

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-04 01:44:02
Last updated 2025-07-08 14:28:09
Assigner Wordfence
State PUBLISHED

Description

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation: the redirect_uri parameter is not validated during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: OAuth is disabled; the Meow_MWAI_Labs_OAuth class is not loaded in the plugin in the patched version 2.8.5.
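
The missing check described above, as an added example in plain PHP (not the plugin's code and not the vendor's fix): an authorization endpoint that compares redirect_uri by exact string match against the URIs registered for the client, and answers locally instead of redirecting when the match fails. The client registry, function names, and sample requests are hypothetical, and the sketch assumes web clients with HTTPS callbacks only.

```php
<?php
declare(strict_types=1);

// Constructed registry: hypothetical client id and its pre-registered callback.
const REGISTERED_REDIRECTS = [
    'demo-client' => ['https://app.example.com/oauth/callback'],
];

// Return the URI only if it exactly matches a registered one; otherwise null.
function validated_redirect_uri(string $clientId, string $redirectUri): ?string
{
    $parts = parse_url($redirectUri);
    // Assumption: HTTPS-only callbacks. Fragments are not allowed in redirect URIs (RFC 6749, 3.1.2).
    if ($parts === false || ($parts['scheme'] ?? '') !== 'https' || isset($parts['fragment'])) {
        return null;
    }
    // Exact string comparison: no prefix, wildcard, or host-only matching.
    return in_array($redirectUri, REGISTERED_REDIRECTS[$clientId] ?? [], true) ? $redirectUri : null;
}

// Decide the response to an authorization request. $issueCode mints the code.
function authorize(array $query, callable $issueCode): array
{
    // Treat non-string parameters (e.g. redirect_uri[]=...) as absent.
    $get = fn(string $k): string => is_string($query[$k] ?? null) ? $query[$k] : '';
    $uri = validated_redirect_uri($get('client_id'), $get('redirect_uri'));
    if ($uri === null) {
        // RFC 6749, 4.1.2.1: on an invalid redirect URI, inform the user and do not redirect.
        return ['status' => 400, 'body' => 'invalid client_id or redirect_uri'];
    }
    // The code is minted only after validation, so it is never sent to an unregistered URI.
    $sep = strpos($uri, '?') === false ? '?' : '&';
    $params = http_build_query(['code' => $issueCode(), 'state' => $get('state')]);
    return ['status' => 302, 'location' => $uri . $sep . $params];
}

// Constructed sample requests: one registered callback, three that must be refused.
$issue = fn(): string => bin2hex(random_bytes(16));
$samples = [
    ['client_id' => 'demo-client', 'redirect_uri' => 'https://app.example.com/oauth/callback', 'state' => 'xyz'],
    ['client_id' => 'demo-client', 'redirect_uri' => 'https://unregistered.example.net/cb'],
    ['client_id' => 'demo-client', 'redirect_uri' => 'https://app.example.com/oauth/callback/../x'],
    ['client_id' => 'unknown-client', 'redirect_uri' => 'https://app.example.com/oauth/callback'],
];
foreach ($samples as $q) {
    $r = authorize($q, $issue);
    echo $r['status'], ' ', $q['redirect_uri'], PHP_EOL;
}
```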