Lucene search
K

31 matches found

NVD
NVD
added yesterday5 views

CVE-2026-59515

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through = 1.5.4...

9.3CVSS0.004EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-59515 WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through = 1.5.4...

9.3CVSS0.004EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-59515

CVE-2026-59515 affects the WordPress AIWU plugin (ai-copilot-content-generator) and is due to an improper neutralization of special elements in SQL commands , enabling Blind SQL Injection . Affected versions are WordPress AIWU plugin ≤ 1.5.4. The CVSS‑3.1 base score is 9.3 (CRITICAL) with network...

9.3CVSS6.1AI score0.004EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-6804

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacke...

5.3CVSS0.00353EPSS
Exploits0References10
NVD
NVD
added 3 days ago7 views

CVE-2026-6803

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wpajax and wpajaxnopriv hooks, as the base...

5.3CVSS0.00297EPSS
Exploits0References12
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43144

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacke...

5.3CVSS6.2AI score0.00353EPSS
Exploits0References10
CVE
CVE
added 3 days ago14 views

CVE-2026-6804

Technical details about CVE-2026-6804 are not publicly available in the provided documents. Monitor for updates for affected versions, impact, and remediation as connected docs are not supplied.

5.3CVSS6.2AI score0.00353EPSS
Exploits0References10
Patchstack
Patchstack
added 5 days ago5 views

WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin AIWU versions = 1.5.4...

9.3CVSS6.1AI score0.004EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-2955

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS5.7AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 3:16 p.m.17 views

CVE-2026-48879

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...

9.8CVSS0.00328EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 2:38 p.m.11 views

CVE-2026-48879 WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 2:38 p.m.15 views

EUVD-2026-33649

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 2:38 p.m.32 views

CVE-2026-48879 WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...

9.8CVSS0.00328EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 2:38 p.m.24 views

CVE-2026-48879

The CVE-2026-48879 entry concerns the WordPress AIWU plugin (versions up to 1.4.17). It is described as an Incorrect Privilege Assignment that enables Privilege Escalation. CVSS v3.1 base score 9.8 (Network attack, Low complexity, No user interaction, Privileges required: None; Confidentiality/In...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45441

Name of the Vulnerable Software and Affected Versions Sergey AIWU versions prior to 1.4.17 Description Incorrect privilege assignment in Sergey AIWU allows for privilege escalation, which occurs when a user is granted more permissions than intended, enabling them to perform unauthorized actions...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/25 7:31 a.m.11 views

WordPress AI Chatbot & Workflow Automation by AIWU plugin <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin AIWU versions = 1.4.14...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/20 7:16 a.m.12 views

CVE-2026-2955

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS0.00223EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 5:31 a.m.10 views

CVE-2026-2955 AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS6AI score0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 5:31 a.m.7 views

CVE-2026-2955

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS6AI score0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 5:31 a.m.23 views

CVE-2026-2955

CVE-2026-2955 affects the WordPress plugin “AI Chatbot & Workflow Automation by AIWU” up to version 1.4.14. The issue is a Stored Cross-Site Scripting (XSS) vulnerability that can be triggered via the X-Forwarded-For header due to insufficient input sanitization and output escaping. It is exploit...

6.4CVSS6AI score0.00223EPSS
Exploits0References2
Rows per page
Query Builder