Skip to main content

Gw Ai Website Builder

1 CVEs product

Monthly

CVE-2026-1946 MEDIUM This Month

Unauthorized GravityWrite disconnection in the GW AI Website Builder WordPress plugin (versions ≤ 1.0.1) is achievable by any authenticated subscriber-level user due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() AJAX function. The flaw allows low-privilege WordPress accounts to sever the plugin's integration with the GravityWrite AI service, degrading AI-powered site-building functionality for all users. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; impact is confined to service integrity disruption rather than data exfiltration or code execution.

Authentication Bypass WordPress Gw Ai Website Builder
NVD
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

Unauthorized GravityWrite disconnection in the GW AI Website Builder WordPress plugin (versions ≤ 1.0.1) is achievable by any authenticated subscriber-level user due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() AJAX function. The flaw allows low-privilege WordPress accounts to sever the plugin's integration with the GravityWrite AI service, degrading AI-powered site-building functionality for all users. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; impact is confined to service integrity disruption rather than data exfiltration or code execution.

Authentication Bypass WordPress Gw Ai Website Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy