EUVD-2026-13522
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to call arbitrary WordPress functions such as 'update_option' to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Analysis
The Aimogen Pro plugin for WordPress contains an arbitrary function call vulnerability allowing unauthenticated attackers to execute privileged WordPress functions without authorization. All versions up to and including 2.7.5 are affected, enabling attackers to modify critical site settings such as changing the default user registration role to administrator, then registering as an admin to gain full site control. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit all installations of Aimogen Pro plugin version 2.7.5 and below across your WordPress infrastructure; disable or deactivate the plugin immediately if no business-critical dependency exists. Within 7 days: Contact Aimogen Pro vendor for patch timeline and ETA; implement temporary network or WAF controls to restrict plugin access if disablement is not feasible; review admin user accounts for unauthorized creation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today