23 matches found
CVE-2026-2955
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2026-48879
Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...
CVE-2026-48879 WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...
CVE-2026-48879 WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...
EUVD-2026-33649
Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...
CVE-2026-48879
The CVE-2026-48879 entry concerns the WordPress AIWU plugin (versions up to 1.4.17). It is described as an Incorrect Privilege Assignment that enables Privilege Escalation. CVSS v3.1 base score 9.8 (Network attack, Low complexity, No user interaction, Privileges required: None; Confidentiality/In...
PT-2026-45441
Name of the Vulnerable Software and Affected Versions Sergey AIWU versions prior to 1.4.17 Description Incorrect privilege assignment in Sergey AIWU allows for privilege escalation, which occurs when a user is granted more permissions than intended, enabling them to perform unauthorized actions...
WordPress AI Chatbot & Workflow Automation by AIWU plugin <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin AIWU versions = 1.4.14...
CVE-2026-2955
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2026-2955 AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2026-2955
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2026-2955
CVE-2026-2955 affects the WordPress plugin “AI Chatbot & Workflow Automation by AIWU” up to version 1.4.14. The issue is a Stored Cross-Site Scripting (XSS) vulnerability that can be triggered via the X-Forwarded-For header due to insufficient input sanitization and output escaping. It is exploit...
EUVD-2026-31064
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
PT-2026-42107
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
WordPress AIWU plugin <= 1.4.21 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin AIWU versions = 1.4.21...
EUVD-2026-29389
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...
CVE-2026-2993
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...
CVE-2026-2993
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...
CVE-2026-2993
The CVE describes an unauthenticated SQL Injection in the WordPress plugin AI Chatbot & Workflow Automation by AIWU, affected in versions up to 1.4.17. The flaw resides in getListForTbl() due to insufficient escaping of user input and an inadequately prepared SQL query, allowing an attacker to ap...
CVE-2026-2993 AI Chatbot & Workflow Automation by AIWU <= 1.4.17 - Unauthenticated SQL Injection in getListForTbl()
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...