Lucene search
+L

4 matches found

NVD
NVD
added 13 hours ago5 views

CVE-2026-9810

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...

9.8CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 15 hours ago3 views

CVE-2026-9810

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...

9.8CVSS5.6AI score
Exploits0References1
CVE
CVE
added 15 hours ago10 views

CVE-2026-9810

The CVE-2026-9810 entry concerns the AI Copilot WordPress plugin prior to version 1.5.4. The root cause is that the plugin does not bind OAuth access tokens to a WordPress user, allowing any valid token to be treated as an administrator session. Consequently, unauthenticated attackers completing ...

9.8CVSS6.3AI score
Exploits0References1
CVE
CVE
added 2025/12/31 3:39 p.m.12 views

CVE-2025-62116

CVE-2025-62116 is described in the initial document as a Missing Authorization vulnerability in the QuadLayers AI Copilot (WordPress plugin), affecting versions from unknown up to and including 1.4.7. The connected Wordfence document substantively corroborates that AI Copilot is affected by a Mis...

5.3CVSS5.1AI score0.0018EPSS
Exploits0References1
Rows per page
Query Builder