CVE Vulnerabilities

CVE-2026-15982

Improper Privilege Management

Published: Jul 17, 2026 | Modified: Jul 17, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the aiomatic_call_google_ai_function function. This makes it possible for unauthenticated attackers to leverage the aimogen_wp_god_mode tool to clear function blacklists and execute arbitrary PHP functions, such as creating administrator accounts.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References