{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4038", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-03-12T06:33:24.393Z", "datePublished": "2026-03-20T03:37:02.014Z", "dateUpdated": "2026-04-08T17:16:49.699Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:16:49.699Z"}, "affected": [{"vendor": "CodeRevolution", "product": "Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.7.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to call arbitrary WordPress functions such as 'update_option' to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."}], "title": "Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e45a17-cb41-41ba-ab6c-c83202f0ecfd?source=cve"}, {"url": "https://codecanyon.net/item/aimogen-pro-allinone-ai-content-writer-editor-chatbot-automation-toolkit/38877369"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Hung Nguyen"}], "timeline": [{"time": "2026-03-12T13:27:24.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-19T15:13:07.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T14:28:40.345871Z", "id": "CVE-2026-4038", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T14:28:46.187Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4038", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T14:28:40.345871Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T14:28:43.159Z"}}], "cna": {"title": "Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call", "credits": [{"lang": "en", "type": "finder", "value": "Hung Nguyen"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "CodeRevolution", "product": "Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.7.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-12T13:27:24.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-03-19T15:13:07.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e45a17-cb41-41ba-ab6c-c83202f0ecfd?source=cve"}, {"url": "https://codecanyon.net/item/aimogen-pro-allinone-ai-content-writer-editor-chatbot-automation-toolkit/38877369"}], "descriptions": [{"lang": "en", "value": "The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to call arbitrary WordPress functions such as 'update_option' to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-20T03:37:02.014Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4038", "state": "PUBLISHED", "dateUpdated": "2026-03-20T14:28:46.187Z", "dateReserved": "2026-03-12T06:33:24.393Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-20T03:37:02.014Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to call arbitrary WordPress functions such as 'update_option' to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."}, {"lang": "es", "value": "El plugin Aimogen Pro para WordPress es vulnerable a la llamada arbitraria de funciones que puede conducir a la escalada de privilegios debido a una comprobaci\u00f3n de capacidad ausente en la funci\u00f3n 'aiomatic_call_ai_function_realtime' en todas las versiones hasta la 2.7.5, inclusive. Esto permite a atacantes no autenticados llamar a funciones arbitrarias de WordPress, como 'update_option', para actualizar el rol predeterminado de registro a administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso de usuario administrativo a un sitio vulnerable."}], "id": "CVE-2026-4038", "lastModified": "2026-04-22T21:32:08.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-20T04:16:50.300", "references": [{"source": "security@wordfence.com", "url": "https://codecanyon.net/item/aimogen-pro-allinone-ai-content-writer-editor-chatbot-automation-toolkit/38877369"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e45a17-cb41-41ba-ab6c-c83202f0ecfd?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.7.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit", "source": "cna", "vendor": "CodeRevolution"}, "product": "aimogen_pro_-_all-in-one_ai_content_writer,_editor,_chatbot_&_automation_toolkit", "vendor": "coderevolution"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-20T05:23:59.906734+00:00", "value": {"mitigation_remediation": ["Upgrade Aimogen Pro to any version newer than 2.7.5.", "If no newer version is available, temporarily deactivate or uninstall the Aimogen Pro plugin to remove the vulnerability.", "Verify that future updates include proper capability checks on 'aiomatic_call_ai_function_realtime' or related functions."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All WordPress sites that have installed the CodeRevolution Aimogen Pro plugin, specifically versions up to and including 2.7.5, are affected. The vulnerability is exploitable from any external network without needing pre\u2011existing credentials, making the risk broad and immediate. The plugin is available for download via the CodeCanyon marketplace and is actively used in many content\u2011generation workflows.", "description_and_impact": "The vulnerability is an arbitrary function call flaw in the Aimogen Pro WordPress plugin caused by a missing capability check on the function 'aiomatic_call_ai_function_realtime'. Because the plugin does not verify that the caller holds appropriate permissions, unauthenticated attackers can invoke any WordPress function, such as 'update_option', to modify site configuration. This flaw is classified as CWE-862 (Missing Authorization). As a result, attackers can raise the default user registration role to 'Administrator' and enable user registration, enabling them to create a new admin account and gain full administrative control of the site.", "risk_and_exploitability": "The CVSS score of 9.8 denotes a critical severity level, and although EPSS data is not available, the absence of the vulnerability from the CISA KEV catalog does not diminish the risk. Exploitation requires only a crafted HTTP request to the vulnerable endpoint; no additional software or privileged access is needed. If an attacker is able to exploit the flaw, they can achieve full administrative privileges, providing complete confidentiality, integrity and availability compromise of the affected WordPress instance."}}}}, "created": "2026-03-20T08:52:48.495921+00:00", "updated": "2026-03-20T10:37:30.139771+00:00", "vendors": ["coderevolution", "coderevolution$PRODUCT$aimogen_pro_-_all-in-one_ai_content_writer,_editor,_chatbot_&_automation_toolkit", "wordpress", "wordpress$PRODUCT$wordpress"]}