Description
WordPress Plugin 10Web AI Assistant-AI content writing assistant is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently install and activate any plugin from the WordPress repo. WordPress Plugin 10Web AI Assistant-AI content writing assistant version 1.0.18 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.19 or latest
References
Related Vulnerabilities
WordPress Plugin Log Emails Information Disclosure (1.0.6)
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
Nexus Repository Manager Incorrect Authorization Vulnerability (CVE-2018-16620)
WordPress Plugin Pardakht Delkhah Cross-Site Scripting (2.9.2)
WordPress 4.3.x Cross-Site Scripting Vulnerability (4.3 - 4.3.3)