CVE-2026-12510 Overview
CVE-2026-12510 affects the AI Engine plugin for WordPress in versions prior to 3.5.5. The plugin fails to verify that a user owns the chatbot conversation referenced by a client-supplied identifier. Authenticated attackers with subscriber-level access can read other users' private chatbot conversations. Attackers can also take over conversation records when the discussions feature is enabled. The flaw is an Insecure Direct Object Reference [CWE-639] in the discussions functionality. See the WPScan Vulnerability Report for advisory details.
Critical Impact
Any authenticated subscriber can read or hijack private AI chatbot conversations belonging to other users on affected WordPress sites.
Affected Products
- AI Engine WordPress plugin versions prior to 3.5.5
- WordPress sites with the AI Engine discussions feature enabled
- Sites permitting subscriber-level user registration with AI Engine installed
Discovery Timeline
- 2026-07-16 - CVE-2026-12510 published to NVD
- 2026-07-16 - Last updated in NVD database
Technical Details for CVE-2026-12510
Vulnerability Analysis
The AI Engine plugin exposes endpoints that accept a client-supplied conversation identifier when interacting with chatbot discussions. The plugin trusts the supplied identifier without validating that the requesting user owns the referenced conversation. This missing ownership check allows one authenticated user to reference identifiers belonging to other users.
Because the AI Engine plugin persists chatbot conversation history for the discussions feature, private prompts, responses, and any sensitive data exchanged with the AI can be retrieved by unauthorized users. In addition to reading conversations, an attacker can take over conversation records, appending to or modifying discussions attributed to another user's session.
Root Cause
The root cause is missing authorization on conversation object access [CWE-639]. The plugin relies on a client-supplied identifier as the sole reference to the conversation, without cross-checking the current user's ID against the conversation's owner. This pattern is a classic Insecure Direct Object Reference.
Attack Vector
Exploitation requires an authenticated account, but only subscriber-level privileges are needed. On many WordPress sites, subscriber accounts can be self-registered. An attacker registers or uses an existing subscriber account, then sends requests to the AI Engine discussion endpoints supplying conversation identifiers belonging to other users. The server returns the referenced conversation data or accepts modifications without verifying ownership. Refer to the WPScan advisory for endpoint-level technical details.
Detection Methods for CVE-2026-12510
Indicators of Compromise
- Requests to AI Engine REST endpoints from subscriber-level accounts referencing conversation identifiers those accounts did not create.
- Unusual enumeration patterns against chatbot discussion endpoints, such as sequential or incrementing identifier values.
- Conversation records showing activity from user IDs that do not match the record's original owner.
Detection Strategies
- Review WordPress access logs for repeated requests to AI Engine discussion endpoints from low-privileged users.
- Correlate the authenticated user ID with the conversation owner ID in application logs to identify mismatches.
- Query the plugin's database tables to detect conversations updated by users other than the original owner.
Monitoring Recommendations
- Enable verbose logging on the AI Engine plugin and forward logs to a centralized analytics platform.
- Alert on any subscriber account making high-volume requests to chatbot or discussion REST routes.
- Track new subscriber registrations followed shortly by requests to AI Engine endpoints.
How to Mitigate CVE-2026-12510
Immediate Actions Required
- Upgrade the AI Engine plugin to version 3.5.5 or later on all WordPress installations.
- Audit existing subscriber and low-privileged accounts for suspicious activity against AI Engine endpoints.
- If patching cannot occur immediately, disable the AI Engine discussions feature in the plugin settings.
Patch Information
Update to AI Engine version 3.5.5 or later, which introduces ownership verification for conversation identifiers. Consult the WPScan Vulnerability Report for the fixed version reference and confirm the update through the WordPress plugin repository.
Workarounds
- Disable the discussions feature in the AI Engine plugin configuration until patching is complete.
- Restrict new user registration or require administrator approval to limit subscriber-level access.
- Deploy a web application firewall rule to block unauthenticated or anomalous access to AI Engine discussion REST routes.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

