What happened
The AIWU AI Copilot Content Generator WordPress plugin (<=1.5.4) contains a blind SQL injection vulnerability, CVSS 9.3, allowing attackers to manipulate backend SQL queries.
Why it matters
Although a critical CVSS score, this affects a single niche WordPress AI-content-generation plugin rather than core AI infrastructure, limiting blast radius to sites running this specific plugin; still relevant as it is an AI-generation tool with database compromise potential (content/config exfiltration).
Attack vector
Improper neutralization of special elements in SQL commands allows blind SQL injection against the AI content-generator plugin's database queries.
Affected systems
Sergey AIWU ai-copilot-content-generator WordPress plugin, through <= 1.5.4
Mitigation
Update to a patched version beyond 1.5.4 per Patchstack advisory once available.