{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T06:05:18.512","vulnerabilities":[{"cve":{"id":"CVE-2026-1103","sourceIdentifier":"security@wordfence.com","published":"2026-01-24T08:16:09.347","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verify_user_logged_in' as a permission callback, which only checks if a user is logged in, but fails to verify if the user has administrative capabilities. This makes it possible for authenticated attackers with Subscriber-level access and above to retrieve the administrator's 'aiktpz_token' access token, which can then be used to create posts, upload media library files, and access private content as the administrator."},{"lang":"es","value":"El plugin AIKTP para WordPress es vulnerable a la modificación no autorizada de datos debido a la falta de comprobaciones de autorización en el endpoint de la API REST /aiktp/getToken en todas las versiones hasta la 5.0.04, inclusive. El endpoint utiliza 'verify_user_logged_in' como callback de permisos, que solo comprueba si un usuario ha iniciado sesión, pero no verifica si el usuario tiene capacidades administrativas. Esto hace posible que atacantes autenticados con acceso de nivel Suscriptor y superior recuperen el token de acceso 'aiktpz_token' del administrador, que luego puede ser utilizado para crear publicaciones, subir archivos de la librería de medios y acceder a contenido privado como el administrador."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/aiktp/tags/5.0.04/includes/aiktp-sync.php#L123","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/aiktp/tags/5.0.04/includes/aiktp-sync.php#L143","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3445248%40aiktp&new=3445248%40aiktp","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84846d95-792d-4569-b0eb-876d82d0beee?source=cve","source":"security@wordfence.com"}]}}]}