CVE-2026-15982 in Aimogen Pro Plugin
Summary
by MITRE • 07/17/2026
The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomatic_call_google_ai_function' function. This makes it possible for unauthenticated attackers to leverage the 'aimogen_wp_god_mode' tool to clear function blacklists and execute arbitrary PHP functions, such as creating administrator accounts.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/17/2026
The Aimogen Pro WordPress plugin presents a critical privilege escalation vulnerability that affects all versions up to and including 2.8.4, creating a significant security risk for WordPress installations. This vulnerability stems from a fundamental flaw in the plugin's access control mechanisms, specifically within the 'aiomatic_call_google_ai_function' function which lacks proper capability checks. The absence of authentication verification allows unauthenticated attackers to exploit this weakness and gain elevated privileges within the WordPress environment. The vulnerability is particularly dangerous because it enables attackers to leverage the 'aimogen_wp_god_mode' tool, which provides unrestricted access to core WordPress functionalities that should normally be restricted to authorized administrators only.
The technical exploitation of this vulnerability occurs through a carefully crafted attack vector that bypasses standard WordPress security controls. When an attacker accesses the vulnerable function without proper authentication, they can utilize the god mode functionality to clear the function blacklist that normally restricts dangerous operations within the plugin. This blacklisting mechanism is designed to prevent execution of potentially harmful PHP functions, but the missing capability check renders this protection ineffective. The consequence of this flaw allows attackers to execute arbitrary PHP code with elevated privileges, which creates a complete compromise of the WordPress installation and enables them to perform actions that would normally require administrator-level access.
The operational impact of this privilege escalation vulnerability extends far beyond simple unauthorized access, as it provides attackers with complete control over the compromised WordPress environment. Once an attacker successfully exploits this vulnerability, they can create new administrator accounts, modify existing user permissions, install malicious plugins, and potentially escalate their access further within the network infrastructure. The ability to execute arbitrary PHP functions means that attackers can manipulate database content, modify website files, and even establish persistent backdoors for continued unauthorized access. This vulnerability essentially transforms any WordPress site running the affected plugin into a potential entry point for broader security breaches and data compromise.
Security professionals should immediately implement mitigations to address this critical vulnerability, including upgrading to the latest version of the Aimogen Pro plugin where the capability check has been properly implemented. The fix must ensure that all functions requiring elevated privileges perform proper authentication and authorization checks before execution. Organizations running affected versions should also consider implementing network-level restrictions to limit access to the vulnerable endpoints and monitor for suspicious activities in their WordPress logs. According to CWE guidelines, this vulnerability maps to CWE-284 which addresses improper access control, while ATT&CK framework references this as privilege escalation through software vulnerabilities. The recommended approach includes not only patching but also conducting thorough security audits of all installed plugins to identify similar access control weaknesses and implementing robust monitoring solutions to detect exploitation attempts.