Privilege Escalation Vulnerability in Aimogen Pro Plugin for WordPress
CVE-2026-15982

9.8CRITICAL

What is CVE-2026-15982?

The Aimogen Pro plugin for WordPress, utilized for various AI-driven content solutions, has a vulnerability that allows privilege escalation. This issue stems from a missing capability check in the 'aiomatic_call_google_ai_function' function, which can be exploited by unauthenticated attackers. By utilizing the 'aimogen_wp_god_mode' tool, these attackers can bypass restrictions on function execution, leading to the possibility of creating unauthorized administrator accounts and executing arbitrary PHP functions on affected WordPress installations.

Affected Version(s)

Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit 0 <= 2.8.4

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bao Le
.