{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/ai-chatbot--workflow-automation-by-aiwu-plugin-for-wordpress/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-2993"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["AI Chatbot \u0026 Workflow Automation by AIWU plugin for WordPress"],"_cs_severities":["high"],"_cs_tags":["cve","sqli","wordpress","injection"],"_cs_type":"threat","_cs_vendors":["AIWU"],"content_html":"\u003cp\u003eThe AI Chatbot \u0026amp; Workflow Automation by AIWU plugin for WordPress, versions up to and including 1.4.17, contains a SQL Injection vulnerability (CVE-2026-2993). This flaw stems from insufficient input sanitization of user-supplied parameters and inadequate preparation of the SQL query within the \u003ccode\u003egetListForTbl()\u003c/code\u003e function. Successful exploitation enables unauthenticated attackers to inject malicious SQL queries, potentially extracting sensitive information from the WordPress database. While version 1.4.11 introduced a partial mitigation involving a nonce check, this only affects administrative access and does not fully resolve the vulnerability. \nThis vulnerability allows for database exfiltration and potential compromise of the WordPress site.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress site using the vulnerable AI Chatbot \u0026amp; Workflow Automation by AIWU plugin (version \u0026lt;= 1.4.17).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting an endpoint that uses the \u003ccode\u003egetListForTbl()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into a user-supplied parameter within the HTTP request, exploiting the lack of proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is appended to the existing SQL query executed by the \u003ccode\u003egetListForTbl()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe modified SQL query executes against the WordPress database.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the SQL injection to extract sensitive data such as user credentials, API keys, or other confidential information.\u003c/li\u003e\n\u003cli\u003eThe extracted data is returned to the attacker via the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker may further compromise the WordPress site or connected systems using the exfiltrated data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL Injection vulnerability (CVE-2026-2993) in the AIWU WordPress plugin can lead to the unauthorized disclosure of sensitive information stored in the WordPress database. This may include user credentials, customer data, API keys, and other confidential information. Depending on the extracted data, attackers could further compromise the WordPress site, escalate privileges, or gain access to connected systems. \nThis poses a significant risk to the confidentiality, integrity, and availability of the affected WordPress site and its data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches to upgrade the AI Chatbot \u0026amp; Workflow Automation by AIWU plugin for WordPress to a version greater than 1.4.17 to remediate CVE-2026-2993.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-2993 Exploitation — AIWU WordPress Plugin SQL Injection\u0026rdquo; to your SIEM to detect exploitation attempts targeting the vulnerable plugin.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block requests containing suspicious SQL injection patterns targeting WordPress plugins.\u003c/li\u003e\n\u003cli\u003eReview and audit WordPress plugin code for proper input sanitization and parameterized queries to prevent SQL injection vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T09:17:24Z","date_published":"2026-05-12T09:17:24Z","id":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-aiwu-sqli/","summary":"The AI Chatbot \u0026 Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection (CVE-2026-2993) in versions up to 1.4.17, allowing unauthenticated attackers to extract sensitive information from the database.","title":"AIWU WordPress Plugin Vulnerable to SQL Injection (CVE-2026-2993)","url":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-aiwu-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — AI Chatbot \u0026 Workflow Automation by AIWU Plugin for WordPress","version":"https://jsonfeed.org/version/1.1"}