Open Redirect Vulnerability in AI Engine Plugin for WordPress
CVE-2025-6238

8 HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
4 July 2025

What is CVE-2025-6238?

The AI Engine plugin for WordPress contains an open redirect vulnerability in version 2.8.4, caused by an insecure OAuth implementation. The 'redirect_uri' parameter is not validated during the authorization process, so unauthenticated attackers can redirect users to malicious URIs. This redirection can lead to the interception of authorization codes, enabling unauthorized retrieval of access tokens. Users should upgrade to version 2.8.5, in which the problematic OAuth class is not loaded, mitigating this vulnerability.
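
The missing check, sketched as an added example in Python (not the plugin's code, which is PHP): an authorization endpoint that accepts a 'redirect_uri' only when it exactly matches a URI registered for the client, and otherwise answers with an error instead of redirecting. The client registry, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlencode

# Constructed registry (assumption): client_id -> redirect URIs registered in advance.
REGISTERED_REDIRECTS = {
    "demo-client": {"https://app.example.com/oauth/callback"},
}


def validate_redirect_uri(client_id, redirect_uri):
    """Return redirect_uri if it exactly matches a registered URI, else None."""
    allowed = REGISTERED_REDIRECTS.get(client_id)
    if not allowed or not isinstance(redirect_uri, str):
        return None
    # Exact string comparison only: prefix, substring or host-only matching
    # is what lets look-alike hosts and "user@host" tricks through.
    if redirect_uri not in allowed:
        return None
    parts = urlsplit(redirect_uri)
    # Defence in depth against a careless registration entry.
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.username or parts.fragment:
        return None
    return redirect_uri


def authorize(client_id, redirect_uri, code):
    """Return (status, location) for the authorization response."""
    target = validate_redirect_uri(client_id, redirect_uri)
    if target is None:
        # Never redirect to an unverified URI: the authorization code
        # would travel with the redirect. Show an error locally instead.
        return (400, None)
    sep = "&" if urlsplit(target).query else "?"
    return (302, target + sep + urlencode({"code": code}))


if __name__ == "__main__":
    good = "https://app.example.com/oauth/callback"
    for uri in (good,
                "https://app.example.com.evil.test/oauth/callback",
                "https://app.example.com@evil.test/oauth/callback"):
        print(uri, "->", authorize("demo-client", uri, "abc123"))
```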

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
