NIST · via Voidly Atlas
CVE-2026-8719
This is the agency's own public-domain data, curated and made citable by Voidly. Voidly adds no independent claim — always verify against the linked canonical source.
cve id
CVE-2026-8719
published
2026-05-17T04:16:42.580
last modified
2026-05-17T04:16:42.580
status
Received
description
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifying administrator privileges. This makes it possible for authenticated (Subscriber+) attackers to invoke admin-level MCP tools and escalate privileges to Administrator.
cvss score
8.8
cvss severity
HIGH
cvss vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cwes
CWE-269
cpe count
0
Cite this record
CVE-2026-8719 — HIGH. NIST, via Voidly Atlas — Surveillance & Digital-Rights Watch. Retrieved 2026-06-07, https://voidly.ai/atlas/federal/nvd-cves/CVE-2026-8719
@misc{voidly_nvd_cves_CVE20268719,
title = {CVE-2026-8719 — HIGH},
author = {{Voidly}},
howpublished = {\url{https://voidly.ai/atlas/federal/nvd-cves/CVE-2026-8719}},
note = {Source: NIST National Vulnerability Database, https://nvd.nist.gov/vuln/detail/CVE-2026-8719. Public domain (17 U.S.C. §105); re-surfaced under CC BY 4.0},
urldate = {2026-06-07},
year = {2026}
}Also available as JSON/BibTeX/APA: API record. Source data is U.S. federal public domain (17 U.S.C. §105). Re-surfaced by Voidly under CC BY 4.0.