PT-2026-57120 · Nandhiniwp · Gw Ai Website Builder

Legion Hunter

·

Publicado

2026-07-10

·

Atualizado

2026-07-10

·

CVE-2026-1946

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebu gravitywrite disconnect handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the plugin from GravityWrite via the 'gwaiwebu gravitywrite disconnect' AJAX action.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-1946

Produtos afetados

Gw Ai Website Builder