CVE-2026-48879
Sergey AIWU · AIWU
The AIWU plugin for WordPress is vulnerable to privilege escalation due to incorrect privilege assignment.
Executive summary
An incorrect privilege assignment vulnerability in the AIWU plugin allows attackers to gain unauthorized elevated access to the WordPress site.
Vulnerability
The plugin incorrectly handles user permissions, which can be exploited to perform an unauthorized privilege escalation, effectively granting the attacker administrative capabilities.
Business impact
Successful exploitation allows an attacker to compromise the site, modify content, and access sensitive user data. With a CVSS score of 9.8, this represents a critical risk to the confidentiality and integrity of the affected website.
Remediation
Immediate Action: Update the AIWU plugin to the latest version to remediate the privilege management flaw.
Proactive Monitoring: Review WordPress user roles and permissions regularly and check for any unexpected account modifications.
Compensating Controls: Implement strict file permission controls and use a security plugin to monitor for unauthorized administrative actions.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Privilege escalation vulnerabilities are extremely high-risk. Users of the AIWU plugin must update to the patched version immediately and conduct a thorough audit of their WordPress user accounts to ensure no malicious accounts have been added.
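One way to carry out the user-account audit recommended under Remediation and in the analyst recommendation, as an added example that is not part of the original advisory or the plugin's code: it compares two WP-CLI snapshots (`wp user list --fields=ID,user_login,roles --format=json`) and reports accounts that are new with, or have gained, the administrator role. The snapshot contents, user names and the `audit` and `index_users` helpers are constructed for illustration.

```python
import json

# Assumption: only "administrator" is treated as privileged; extend per site.
PRIVILEGED = {"administrator"}

# Constructed sample snapshots in the shape of `wp user list --format=json`.
BASELINE = json.dumps([
    {"ID": 1, "user_login": "admin", "roles": "administrator"},
    {"ID": 7, "user_login": "jane", "roles": "editor"},
    {"ID": 9, "user_login": "bob", "roles": "subscriber"},
])
CURRENT = json.dumps([
    {"ID": 1, "user_login": "admin", "roles": "administrator"},
    {"ID": 7, "user_login": "jane", "roles": "editor,administrator"},
    {"ID": 9, "user_login": "bob", "roles": "subscriber"},
    {"ID": 12, "user_login": "wpsupport", "roles": "administrator"},
])


def index_users(snapshot_json):
    """Map user ID -> (login, set of roles); roles arrive comma-separated."""
    users = {}
    for row in json.loads(snapshot_json):
        roles = {r.strip() for r in str(row.get("roles", "")).split(",") if r.strip()}
        users[int(row["ID"])] = (row["user_login"], roles)
    return users


def audit(baseline_json, current_json, privileged=PRIVILEGED):
    """Return (id, login, reason, roles) for accounts that became privileged."""
    before, after = index_users(baseline_json), index_users(current_json)
    findings = []
    for uid, (login, roles) in sorted(after.items()):
        held = roles & privileged
        if not held:
            continue  # account holds no privileged role now
        if uid not in before:
            findings.append((uid, login, "new privileged account", sorted(held)))
        else:
            gained = held - before[uid][1]
            if gained:
                findings.append((uid, login, "role escalated", sorted(gained)))
    return findings


if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```

The comparison is only as trustworthy as the baseline, so take it from a known-good state such as a backup that predates the vulnerable plugin version being installed.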