Vulnerability  ·  2026-07-14

AIWU AI Copilot Content Generator WordPress Plugin — Blind SQL Injection

VulnerabilityHigh impactGlobalCVE-2026-59515
The AIWU AI Copilot Content Generator WordPress plugin (<=1.5.4) contains a blind SQL injection vulnerability, CVSS 9.3, allowing attackers to manipulate backend SQL queries.
Although a critical CVSS score, this affects a single niche WordPress AI-content-generation plugin rather than core AI infrastructure, limiting blast radius to sites running this specific plugin; still relevant as it is an AI-generation tool with database compromise potential (content/config exfiltration).
Improper neutralization of special elements in SQL commands allows blind SQL injection against the AI content-generator plugin's database queries.
Sergey AIWU ai-copilot-content-generator WordPress plugin, through <= 1.5.4
Update to a patched version beyond 1.5.4 per Patchstack advisory once available.
Patchstack - AIWU plugin SQL Injection
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →