{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/aimogen/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-15982"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot \u0026 Automation Toolkit plugin (\u003c 2.8.5)"],"_cs_severities":["critical"],"_cs_tags":["web","wordpress","plugin","privilege-escalation","cve"],"_cs_type":"advisory","_cs_vendors":["Aimogen","WordPress"],"content_html":"\u003cp\u003eA critical privilege escalation vulnerability, tracked as CVE-2026-15982, has been identified in the Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot \u0026amp; Automation Toolkit plugin for WordPress, affecting all versions up to and including 2.8.4. This flaw is due to a missing capability check on the \u003ccode\u003eaiomatic_call_google_ai_function\u003c/code\u003e. Exploiting this, unauthenticated attackers can leverage the \u003ccode\u003eaimogen_wp_god_mode\u003c/code\u003e tool. This tool, when misused, allows attackers to bypass internal function blacklists and execute arbitrary PHP functions. The ultimate objective of such an attack is typically to create new administrator accounts on the affected WordPress site, granting the attacker full control over the website's content, data, and settings. This vulnerability poses a significant risk to affected WordPress installations, potentially leading to website defacement, data theft, and further malicious activity.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress site running a vulnerable version of the Aimogen Pro plugin (up to 2.8.4).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003eaiomatic_call_google_ai_function\u003c/code\u003e endpoint, which is accessible due to the missing capability check.\u003c/li\u003e\n\u003cli\u003eThe request is designed to exploit this missing check, allowing the attacker to call and leverage the \u003ccode\u003eaimogen_wp_god_mode\u003c/code\u003e tool.\u003c/li\u003e\n\u003cli\u003eUsing the \u003ccode\u003eaimogen_wp_god_mode\u003c/code\u003e tool, the attacker clears internal function blacklists, removing restrictions on which PHP functions can be executed.\u003c/li\u003e\n\u003cli\u003eThe attacker then executes arbitrary PHP functions on the server.\u003c/li\u003e\n\u003cli\u003eA specific PHP function call is used to create a new administrator account within the WordPress installation.\u003c/li\u003e\n\u003cli\u003eWith the newly created administrator account, the attacker gains full control over the WordPress site, enabling further malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-15982 grants an unauthenticated attacker full administrator privileges on the targeted WordPress site. This leads to complete compromise of the website, allowing for actions such as website defacement, content modification, data exfiltration, injection of malicious code (e.g., malware, spam, phishing pages), and unauthorized redirection of traffic. The integrity and availability of the affected website are severely compromised, potentially leading to reputational damage, financial losses, and regulatory penalties. There is no specific information on the number of victims or sectors targeted, but any WordPress site running the vulnerable plugin is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-15982 immediately by updating the Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot \u0026amp; Automation Toolkit plugin to version 2.8.5 or higher.\u003c/li\u003e\n\u003cli\u003eRegularly review WordPress user accounts for any newly created or suspicious administrator accounts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-17T06:18:32Z","date_published":"2026-07-17T06:18:32Z","id":"https://feed.craftedsignal.io/briefs/2026-07-aimogen-pro-privilege-escalation/","summary":"A critical privilege escalation vulnerability, CVE-2026-15982, exists in the Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot \u0026 Automation Toolkit WordPress plugin, affecting versions up to and including 2.8.4, allowing unauthenticated attackers to leverage the 'aimogen_wp_god_mode' tool to clear function blacklists, execute arbitrary PHP functions, and create administrator accounts, leading to full compromise of the WordPress site.","title":"Privilege Escalation Vulnerability in Aimogen Pro WordPress Plugin","url":"https://feed.craftedsignal.io/briefs/2026-07-aimogen-pro-privilege-escalation/"}],"language":"en","title":"CraftedSignal Threat Feed - Aimogen","version":"https://jsonfeed.org/version/1.1"}