CVE-2026-15982
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomatic_call_google_ai_function' function. This makes it possible for unauthenticated attackers to leverage the 'aimogen_wp_god_mode' tool to clear function blacklists and execute arbitrary PHP functions, such as creating administrator accounts.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CodeRevolution | Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit | 0 <= 2.8.4 | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/53cc91fa-51fd-4d16-b740-a48f8d446b5d?source=cve
- https://coderevolution.ro/knowledge-base/faq/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.