Approved changes feed: RSS · Atom

cpe:2.3:a:aiktp:aiktp:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAiktp (88163159-9f0c-5cb7-97d7-fdede6430d0d)
ProductAiktp (18116b41-6bdb-5859-bbd6-faf1a9c13f58)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-1103 vulnerable 2026-06-08 07:47:14.325848 AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions
MEDIUM (5.4)
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verify_user_logged_in' as a permission callback, which only checks if a user is logged in, but fails to verify if the user has administrative capabilities. This makes it possible for authenticated attackers with Subscriber-level access and above to retrieve the administrator's 'aiktpz_token' access token, which can then be used to create posts, upload media library files, and access private content as the administrator.
Published: 2026-01-24T07:26:44.703Z
Updated: 2026-04-08T17:04:25.213Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.