Vulnerability  ·  2026-07-19

Aimogen Pro AI Content Writer WordPress Plugin Privilege Escalation via Missing Capability Check

VulnerabilityHigh impactGlobalCVE-2026-15982
A critical (CVSS 9.8) privilege escalation vulnerability was disclosed in a WordPress AI content-generation plugin, caused by a missing permission check on a function that invokes Google AI services.
WordPress AI plugins are widely installed on small-to-mid-size sites with limited security operations; missing capability checks on AI-integration endpoints let low-privileged or unauthenticated actors abuse the site's connected AI/Google API credentials or escalate privileges within the CMS.
The plugin's aiomatic_call_google_ai_function lacks a capability check, letting attackers with minimal privileges (e.g., Subscriber-level) call privileged AI-integration functions intended only for administrators.
Aimogen Pro – All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit (WordPress plugin) up to and including 2.8.4
Update the Aimogen Pro / AIomatic plugin to a version that restores the missing capability check per the vendor changelog.
Aimogen Pro / AIomatic changelog
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →