WordPress AI Plugin OAuth Token Privilege Escalation Flaw

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifying administrator privileges. This makes it possible for authenticated (Subscriber+) attackers to invoke admin-level MCP tools and escalate privileges to Administrator.

Casky was already ahead

This CVE exploits attack patterns that Casky's 203matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.

Analysis

The AI Engine WordPress plugin version 3.4.9 contains a critical privilege escalation vulnerability in its MCP (Model Context Protocol) OAuth implementation. By failing to enforce WordPress capability checks on OAuth bearer tokens, the plugin allows any authenticated user—even those with minimal Subscriber-level permissions—to bypass authorization controls and gain administrator-level access to MCP tools. This is particularly dangerous because MCP tools often interact with sensitive WordPress functions, database operations, and plugin management capabilities. Any WordPress installation running this plugin version with OAuth enabled is at immediate risk, as attackers need only valid authentication credentials (which are common in multi-user WordPress environments) to escalate to full administrative control.

Casky's 203 matched skills help practitioners detect this attack pattern by analyzing MITRE ATT&CK technique TA0004 (Privilege Escalation) behavior across authentication and authorization logs. Practitioners using Casky would identify suspicious patterns such as: OAuth token usage from low-privilege accounts accessing admin-level MCP endpoints, rapid escalation of user roles following OAuth authentication, MCP tool invocations that don't match the caller's WordPress capabilities, and unauthorized plugin or user management actions initiated through the MCP interface. The extended reasoning capabilities of Claude AI within Casky enable correlation of these signals—detecting when OAuth bearer tokens are being reused across different privilege contexts or when legitimate tokens are being leveraged to perform out-of-character administrative actions that would normally require explicit capability verification.

Live Threat IntelligenceComing soon

Casky Risk Score

—

EPSS Probability

—

Shodan Exposure

—

GreyNoise Signal

—

Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →

203 Casky skills cover this attack pattern

These skills use Claude AI's reasoning model to surface findings in the same attack categories as CVE-2026-8719.

analyzing-cloud-storage-access-patterns

cloud security · low

Run

analyzing-kubernetes-audit-logs

container security · low

Run

analyzing-office365-audit-logs-for-compromise

cloud security · low

Run

MITRE ATT&CK Techniques

TA0004

Investigate the attack patterns behind CVE-2026-8719

Casky has 203 skills that investigate the attack patterns behind CVE-2026-8719. Run one and get CVSS-scored findings in 3 minutes.

Run the skill that detects this →

X Instagram LinkedIn