Aiwu
Monthly
Blind SQL injection in the Sergey "AIWU" ai-copilot-content-generator WordPress plugin (all versions through 1.5.4) allows remote attackers to inject arbitrary SQL into backend database queries, per the CVSS:3.1 vector without requiring authentication or user interaction. Because the scope is changed and confidentiality impact is High, an attacker can exfiltrate sensitive database contents (WordPress user credentials, secrets, PII) via time- or boolean-based blind techniques. No public exploit identified at time of analysis and the issue is not on CISA KEV, but its high CVSS (9.3) and the fact that it was catalogued by Patchstack make it a credible risk for exposed WordPress sites.
Blind SQL injection in the Sergey "AIWU" ai-copilot-content-generator WordPress plugin (all versions through 1.5.4) allows remote attackers to inject arbitrary SQL into backend database queries, per the CVSS:3.1 vector without requiring authentication or user interaction. Because the scope is changed and confidentiality impact is High, an attacker can exfiltrate sensitive database contents (WordPress user credentials, secrets, PII) via time- or boolean-based blind techniques. No public exploit identified at time of analysis and the issue is not on CISA KEV, but its high CVSS (9.3) and the fact that it was catalogued by Patchstack make it a credible risk for exposed WordPress sites.