Vulnerability  ·  2026-06-17

AI Engine WordPress Plugin — Editor Privilege Escalation (CVE-2026-27407)

Vulnerability · High impact · Global · CVE-2026-27407
CVE-2026-27407 (CVSS 7.2 HIGH) published 2026-06-15. The AI Engine WordPress plugin (which provides ChatGPT/LLM-powered features to WordPress sites) allows users with Editor-level privileges to escalate to Administrator, gaining full site control.
AI Engine is a popular plugin that connects WordPress sites to LLM APIs. Privilege escalation to admin allows an attacker to exfiltrate stored API keys, modify AI-generated content pipelines, and take full site control from a limited Editor account.
An authenticated user with Editor-level WordPress privileges exploits a privilege escalation flaw in the AI Engine plugin to gain higher administrative access.
Affected versions: AI Engine WordPress plugin ≤ 3.4.9
Mitigation: update the AI Engine plugin to a version later than 3.4.9. Patchstack advisory: https://patchstack.com/database/wordpress/plugin/ai-engine/vulnerability/wordpress-ai-engine-plugin-3-4-9-privilege-escalation-vulnerability
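To find installs still in the affected range, the script below reads the plugin's `Version:` header from disk and compares it numerically against 3.4.9. It is an added example, not code from Patchstack or the AI Engine project; the main file name `ai-engine.php` and the directory layout in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not Patchstack or AI Engine code): flag AI Engine installs
# at or below 3.4.9, the last affected version named in the advisory.
LAST_AFFECTED="3.4.9"

# Read the "Version:" header from a plugin main file. WordPress only scans
# the first 8 KB of the file for headers, so do the same here.
plugin_version() {
    head -c 8192 "$1" |
        sed -n 's/^[[:space:]*#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*/\1/p' |
        head -n 1
}

# Exit 0 when $1 <= $2, comparing dot-separated fields numerically, so that
# 3.4.10 sorts after 3.4.9 (a plain string comparison gets this wrong).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print AFFECTED/OK/UNKNOWN for one plugin directory; returns 1 if affected.
# Assumption: the plugin main file is ai-engine.php inside the slug directory.
check_ai_engine() {
    main="$1/ai-engine.php"
    [ -f "$main" ] || { echo "UNKNOWN"; return 2; }
    v=$(plugin_version "$main")
    [ -n "$v" ] || { echo "UNKNOWN"; return 2; }
    if version_le "$v" "$LAST_AFFECTED"; then
        echo "AFFECTED $v"; return 1
    fi
    echo "OK $v"
}

# Usage (hypothetical paths): sh check.sh /var/www/*/wp-content/plugins/ai-engine
for dir in "$@"; do
    printf '%s: ' "$dir"
    check_ai_engine "$dir" || true
done
```

Reading the header from disk also covers sites where the plugin is installed but deactivated, which still need the update.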
Sources
Patchstack Advisory — AI Engine Privilege Escalation
NVD CVE-2026-27407