CVE-2026-15982 PUBLISHED

Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation via 'aiomatic_call_google_ai_function'

Assigner: Wordfence
Reserved: 16.07.2026 Published: 17.07.2026 Updated: 17.07.2026

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomatic_call_google_ai_function' function. This makes it possible for unauthenticated attackers to leverage the 'aimogen_wp_god_mode' tool to clear function blacklists and execute arbitrary PHP functions, such as creating administrator accounts.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Product Status

Vendor CodeRevolution
Product Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit
Versions Default: unaffected
  • affected from 0 to 2.8.4 (incl.)

Credits

  • Bao Le finder

References

Problem Types

  • CWE-269 Improper Privilege Management CWE