Editor Privilege Escalation in AI Engine Plugin by WordPress
CVE-2026-27407

7.2HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
15 June 2026

What is CVE-2026-27407?

An editor privilege escalation vulnerability exists in the AI Engine plugin versions up to 3.4.9 for WordPress, allowing unauthorized users to gain elevated access and control over certain functionalities. This can potentially lead to unauthorized modifications or exposure of sensitive data within the site, making it crucial for users to upgrade to the latest version to mitigate the risks associated.

Affected Version(s)

AI Engine <= 3.4.9

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO | Patchstack Bug Bounty Program
.