SQL Injection Vulnerability in AIWU Copilot Content Generator by Sergey
CVE-2026-59515

9.3CRITICAL

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-59515?

A vulnerability exists in Sergey AIWU Copilot Content Generator that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue impacts users utilizing versions of the AIWU plugin up to and including 1.5.4, permitting unauthorized access to the underlying database and potentially exposing sensitive data.

Affected Version(s)

AIWU 0 <= 1.5.4

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VanTastic | Patchstack Bug Bounty Program
.