PT-2026-60718 · Coderevolution · Aimogen Pro - All-In-One Ai Content Writer
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomatic call google ai function' function. This makes it possible for unauthenticated attackers to leverage the 'aimogen wp god mode' tool to clear function blacklists and execute arbitrary PHP functions, such as creating administrator accounts.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aimogen Pro - All-In-One Ai Content Writer