cpe:2.3:a:aiktp:aiktp:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aiktp (88163159-9f0c-5cb7-97d7-fdede6430d0d) |
|---|---|
| Product | Aiktp (18116b41-6bdb-5859-bbd6-faf1a9c13f58) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-1103 | vulnerable | 2026-06-08 07:47:14.325848 | AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions; MEDIUM (5.4). The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verify_user_logged_in' as a permission callback, which only checks if a user is logged in, but fails to verify if the user has administrative capabilities. This makes it possible for authenticated attackers with Subscriber-level access and above to retrieve the administrator's 'aiktpz_token' access token, which can then be used to create posts, upload media library files, and access private content as the administrator. Published: 2026-01-24T07:26:44.703Z. Updated: 2026-04-08T17:04:25.213Z | Imported from gcve-enriched-dumps CVE data |