4 matches found
CVE-2026-9810
The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...
CVE-2026-9810
The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...
CVE-2026-9810
The CVE-2026-9810 entry concerns the AI Copilot WordPress plugin prior to version 1.5.4. The root cause is that the plugin does not bind OAuth access tokens to a WordPress user, allowing any valid token to be treated as an administrator session. Consequently, unauthenticated attackers completing ...
CVE-2025-62116
CVE-2025-62116 is described in the initial document as a Missing Authorization vulnerability in the QuadLayers AI Copilot (WordPress plugin), affecting versions from unknown up to and including 1.4.7. The connected Wordfence document substantively corroborates that AI Copilot is affected by a Mis...