CVE-2026-1103

Name of the Vulnerable Software and Affected Versions AIKTP plugin for WordPress versions through 5.0.04

Description The AIKTP plugin for WordPress is susceptible to unauthorized data modification because of inadequate authorization checks on the /aiktp/getToken API endpoint. The endpoint utilizes the verify user logged in permission callback, which confirms user login status but does not validate administrative privileges. This allows authenticated attackers with Subscriber-level access or higher to obtain the administrator's aiktpz token access token. This token can then be used to create posts, upload files to the media library, and access private content with administrator permissions.

Recommendations Update the AIKTP plugin to a version beyond 5.0.04.