CVE-2026-9810 in AI Copilot Plugin
Summary
by MITRE • 07/17/2026
The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitrary user creation and role escalation.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/17/2026
The AI Copilot WordPress plugin version 1.5.3 and earlier contains a critical authentication bypass vulnerability that stems from improper session management and token validation mechanisms. This flaw allows unauthenticated attackers to exploit the plugin's OAuth implementation to gain administrative privileges within the WordPress environment. The vulnerability specifically manifests in the plugin's failure to properly bind OAuth access tokens to individual WordPress user accounts, creating a dangerous condition where any valid OAuth token can be used to establish an administrator session regardless of the original user context.
The technical nature of this vulnerability aligns with CWE-287 which addresses improper authentication issues, and more specifically relates to CWE-305 which covers authentication bypass through multiple means. The flaw occurs because the plugin does not validate that the OAuth token being presented corresponds to the intended WordPress user account, instead accepting any valid token from the OAuth provider as sufficient authentication for administrative functions. This represents a fundamental breakdown in the principle of least privilege and proper session binding mechanisms that should prevent token reuse across different user contexts.
From an operational impact perspective, this vulnerability enables attackers to execute privileged management commands through the MCP tools interface that are typically restricted to authenticated administrators. The ability to create arbitrary user accounts and escalate roles provides attackers with persistent access and control over the affected WordPress installation. This vulnerability can be exploited by completing the public OAuth flow without requiring prior authentication, making it particularly dangerous as it requires no initial access credentials or exploitation of other vulnerabilities within the system.
The attack surface for this vulnerability is significant given that WordPress plugins are often deployed in environments where administrators may have elevated privileges and access to sensitive data. The exploitation process involves an attacker completing the public OAuth flow to obtain a valid token, then using that token to perform administrative operations through the AI Copilot plugin's interface. This creates a scenario where attackers can effectively bypass traditional authentication mechanisms and gain complete control over the WordPress installation.
Mitigation strategies should focus on implementing proper token binding mechanisms that associate OAuth tokens with specific WordPress user accounts and enforcing strict session validation procedures. Organizations should immediately update to version 1.5.4 or later of the AI Copilot plugin to address this vulnerability. Additionally, administrators should implement network-level restrictions on access to the plugin's administrative interfaces and consider monitoring for unusual authentication patterns or token usage that could indicate exploitation attempts. Security controls should include validating token ownership before granting administrative privileges and implementing proper session management with timeout mechanisms to prevent prolonged unauthorized access. The remediation process should also involve reviewing all existing OAuth tokens and user sessions to ensure no unauthorized access has occurred during the vulnerable period.