100,000+ WordPress Sites at Risk Due to WordPress AI Plugin Bug

If you use the AI Engine plugin on your WordPress site, this is a must-read!

A major security flaw was recently found by Wordfence in the popular AI Engine WordPress plugin, which is active on over 100,000 websites. The bug could let even basic users (like subscribers) take full control of your website — without your permission.

What’s the issue?

  • The problem was in a feature called MCP (Model Context Protocol).
  • If it was enabled, any logged-in user could act like an admin — change passwords, delete content, or even lock you out of your own site!
  • This bug affects versions 2.8.0 to 2.8.3 of the plugin.

Fixed in version 2.8.4 – Update now if you haven’t already!

What should you do?

  1. Update the plugin to the latest version (2.8.4 or higher).
  2. Turn off Dev Tools and MCP features if you’re not using them.
  3. Review user roles and remove any suspicious users.
  4. Uninstall unused plugins to reduce risk.
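
Steps 1 and 3 can be checked from the command line. The script below is an added example, not code from Wordfence or the plugin's authors; it assumes WP-CLI is installed and that the plugin's slug is `ai-engine`. The helper function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: classify an installed AI Engine version against the range this
# post lists as affected (2.8.0 to 2.8.3), then list administrator accounts.
# Assumptions: WP-CLI ("wp") is on PATH; the plugin slug is "ai-engine".

# ver_to_int MAJOR.MINOR.PATCH -> comparable integer (2.8.3 -> 2008003).
# A numeric comparison is needed: compared as strings, "2.10.0" sorts before "2.8.4".
ver_to_int() {
  (
    IFS=.
    set -- $1                      # split on dots; subshell keeps IFS/params local
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
  )
}

# ai_engine_status VERSION -> "affected", "fixed" or "below-affected-range"
ai_engine_status() {
  v=$(ver_to_int "$1")
  if [ "$v" -lt "$(ver_to_int 2.8.0)" ]; then
    echo "below-affected-range"
  elif [ "$v" -le "$(ver_to_int 2.8.3)" ]; then
    echo "affected"
  else
    echo "fixed"
  fi
}

audit_site() {
  installed=$(wp plugin get ai-engine --field=version 2>/dev/null) || {
    echo "AI Engine not installed, or WP-CLI cannot load this site"
    return 0
  }
  status=$(ai_engine_status "$installed")
  echo "AI Engine $installed: $status"
  if [ "$status" = "affected" ]; then
    echo "Update with: wp plugin update ai-engine"
  fi
  # Step 3: review who holds admin rights; look for accounts you do not recognise.
  wp user list --role=administrator \
    --fields=ID,user_login,user_email,user_registered
}

if command -v wp >/dev/null 2>&1; then
  audit_site
else
  echo "WP-CLI not found; run this from the WordPress root on the server"
fi
```

Run it from the WordPress installation directory as the user that owns the site files.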

Why does this matter?

WordPress plugins are powerful, but they can also open the door to hackers if not managed properly. With so many recent plugin issues in 2025, staying alert is your best protection.

Need help with WordPress website maintenance? We offer reliable AMC (Annual Maintenance Contract) services, including:

  • Monthly backups
  • Virus/malware scans
  • Plugin & theme updates
  • Regular performance checks
  • Security monitoring

Feel free to contact us if you’d like peace of mind knowing your website is up-to-date and secure. For more details, please visit https://yagnis.com/
