Description
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verify_user_logged_in' as a permission callback, which only checks if a user is logged in, but fails to verify if the user has administrative capabilities. This makes it possible for authenticated attackers with Subscriber-level access and above to retrieve the administrator's 'aiktpz_token' access token, which can then be used to create posts, upload media library files, and access private content as the administrator.
Published: 2026-01-24
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege escalation to administrator data modification via missing authorization
Action: Immediate patch
AI Analysis

Impact

The AIKTP plugin for WordPress contains a missing authorization check on the /aiktp/getToken REST API endpoint. The endpoint only verifies that a user is logged in, not that the user has administrative capabilities. As a result, any authenticated user with Subscriber-level access or higher can retrieve the administrator's access token. This token enables the attacker to create posts, upload media files, and access private content with administrator privileges, effectively giving them full control over the site's content management without proper authorization.

Affected Systems

WordPress sites running the AIKTP plugin version 5.0.04 or earlier. The vulnerability affects the AIKTP plugin shipped under the vendor aiktp, identified as AIKTP up to and including version 5.0.04.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity vulnerability. The EPSS score of less than 1% suggests a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to be authenticated with at least Subscriber privileges. Once authenticated, the attacker can call the vulnerable endpoint to obtain an administrator token and then perform privileged actions. The lack of a strict permission check makes the attack straightforward for anyone with valid credentials, but the limited exploitation probability keeps the immediate risk moderate.

Generated by OpenCVE AI on April 15, 2026 at 19:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the AIKTP plugin to the latest version that secures or removes the /aiktp/getToken endpoint.
  • If an upgrade is not immediately possible, disable the /aiktp/getToken endpoint by deactivating the plugin or removing the endpoint code.
  • Ensure that only users with administrative roles can use REST API endpoints by tightening role capabilities and verifying that Subscriber accounts lack higher privileges.

Generated by OpenCVE AI on April 15, 2026 at 19:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 27 Jan 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Sat, 24 Jan 2026 07:45:00 +0000

Type Values Removed Values Added
Description The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verify_user_logged_in' as a permission callback, which only checks if a user is logged in, but fails to verify if the user has administrative capabilities. This makes it possible for authenticated attackers with Subscriber-level access and above to retrieve the administrator's 'aiktpz_token' access token, which can then be used to create posts, upload media library files, and access private content as the administrator.
Title AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:04:25.213Z

Reserved: 2026-01-17T00:47:31.833Z

Link: CVE-2026-1103

cve-icon Vulnrichment

Updated: 2026-01-26T18:19:11.298Z

cve-icon NVD

Status : Deferred

Published: 2026-01-24T08:16:09.347

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1103

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T19:15:12Z

Weaknesses