Missing Authorization Vulnerability in AI Chatbot & Workflow Automation Plugin for WordPress
CVE-2026-6803
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 July 2026
What is CVE-2026-6803?
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is susceptible to a Missing Authorization vulnerability that affects all versions up to and including 1.4.12. This issue arises from inadequate capability checks and nonce validation on AJAX actions triggered by both wp_ajax_ and wp_ajax_nopriv_ hooks. Specifically, the base controller's getPermissions() function returns an empty array, and critical methods like removeGroup and clear are not included in getNoncedMethods(). As a result, the authorization checks for these actions erroneously allow unauthenticated attackers to delete individual records by ID or even remove all entries from any database table associated with the modules.
Affected Version(s)
AI Copilot β Content Generator 0 <= 1.4.12