Unauthorized Data Modification Vulnerability in GW AI Website Builder Plugin for WordPress
CVE-2026-1946

4.3MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
10 July 2026

What is CVE-2026-1946?

The GW AI Website Builder plugin for WordPress is susceptible to data manipulation by authenticated users due to a missing capability check in its disconnect handler function. This vulnerability allows users with at least Subscriber-level access to sever the plugin's connection to GravityWrite via the associated AJAX action. Proper validation and permission checks are crucial to prevent unauthorized modifications and ensure the security of the WordPress environment.

Affected Version(s)

GW AI Website Builder 0 <= 1.0.1

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter
.