Unauthorized Data Modification Vulnerability in GW AI Website Builder Plugin for WordPress
CVE-2026-1946
4.3MEDIUM
What is CVE-2026-1946?
The GW AI Website Builder plugin for WordPress is susceptible to data manipulation by authenticated users due to a missing capability check in its disconnect handler function. This vulnerability allows users with at least Subscriber-level access to sever the plugin's connection to GravityWrite via the associated AJAX action. Proper validation and permission checks are crucial to prevent unauthorized modifications and ensure the security of the WordPress environment.
Affected Version(s)
GW AI Website Builder 0 <= 1.0.1