LeakyCreds

CVE-2026-4038 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 20, 2026

Aimogen Pro WordPress Plugin - Privilege Escalation

Published: March 20, 2026
Updated: March 20, 2026
Remote Exploitable

Overview

Aimogen Pro WordPress plugin versions <= 2.7.5 contain an arbitrary function call vulnerability caused by a missing capability check in 'aiomatic_call_ai_function_realtime', allowing unauthenticated attackers to escalate privileges by calling arbitrary WordPress functions.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0% (Probability of exploitation in the next 30 days)

Impact

Unauthenticated attackers can escalate privileges to administrator, gaining full control over the WordPress site.

Mitigation

Update to a version later than 2.7.5.

Social Media Activity (2 posts)

Offensive Sequence
@offseq
Mar 20, 2026

⚠️ CVE-2026-4038 (CRITICAL): Aimogen Pro WP plugin lets unauthenticated attackers gain admin via missing auth in aiomatic_call_ai_function_realtime. All versions affected. Disable plugin & monitor site integrity! https://radar.offseq.com/threat/cve-2026-4038-cwe-862-missing-authorization-in-cod-c5151216 #OffSeq #WordPress #CVE20264038


Details

CVE ID: CVE-2026-4038
Severity: Critical
CVSS Score: 9.8
Type: broken_access_control
Status: new
EPSS: 0.0%
Social Posts: 2

CWE

  • CWE-862

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0% (Probability of exploitation in the next 30 days)