Ai Copilot
Monthly
Privilege escalation and full site takeover affects the AI Copilot WordPress plugin before 1.5.4, which fails to bind OAuth access tokens to a specific WordPress user and treats any valid token as an administrator session. An unauthenticated attacker who completes the plugin's public OAuth flow can invoke privileged MCP (Model Context Protocol) tools as an administrator, creating new users and escalating roles. Publicly available exploit code exists and the flaw carries a CVSS 9.8; no active exploitation has been confirmed (not in CISA KEV).
Privilege escalation and full site takeover affects the AI Copilot WordPress plugin before 1.5.4, which fails to bind OAuth access tokens to a specific WordPress user and treats any valid token as an administrator session. An unauthenticated attacker who completes the plugin's public OAuth flow can invoke privileged MCP (Model Context Protocol) tools as an administrator, creating new users and escalating roles. Publicly available exploit code exists and the flaw carries a CVSS 9.8; no active exploitation has been confirmed (not in CISA KEV).