WordPress AIWU Plugin SQLi: Unauthenticated Data Extraction
The National Vulnerability Database has disclosed CVE-2026-2993, a high-severity SQL Injection vulnerability affecting the AI Chatbot & Workflow Automation by AIWU plugin for WordPress. Versions up to and including 1.4.17 are impacted. The flaw stems from insufficient escaping of user-supplied parameters and a lack of proper SQL query preparation within the getListForTbl() function.
This critical vulnerability allows unauthenticated attackers to inject arbitrary SQL queries, enabling the extraction of sensitive information directly from the database. While a partial mitigation was introduced in version 1.4.11, adding a nonce check, this nonce is only available to authenticated administrators, leaving unauthenticated attack vectors open on earlier patched versions.
Attackers will prioritize targeting WordPress sites running this plugin, as it offers a straightforward path to data exfiltration without requiring any prior authentication. The low attack complexity and high impact on confidentiality make this a prime target for opportunistic threat actors.
What This Means For You
- If your organization uses the AI Chatbot & Workflow Automation by AIWU plugin on your WordPress sites, you must immediately verify the installed version. Patch to the latest available version beyond 1.4.17 to remediate CVE-2026-2993. Prioritize external-facing WordPress instances.
🛡️ Detection Rules
CVE-2026-2993 - AIWU WordPress Plugin SQL Injection
```yaml
title: CVE-2026-2993 - AIWU WordPress Plugin SQL Injection
id: scw-2026-05-12-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit the SQL injection vulnerability in the AIWU WordPress plugin (versions up to 1.4.17) by looking for specific parameters and function calls within the URI query string. The presence of 'getListForTbl', '_wpnonce', and 'aiwu_chatbot_get_list' together in the query strongly suggests an attempt to exploit CVE-2026-2993 for unauthenticated data extraction.
author: SCW Feed Engine (AI-generated)
date: 2026-05-12
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-2993/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    # A YAML map cannot repeat the same key; three separate
    # 'cs-uri-query|contains' entries would collapse to the last one.
    # 'contains|all' requires every listed substring, which is what the
    # description above intends.
    cs-uri-query|contains|all:
      - "getListForTbl"
      - "_wpnonce"
      - "aiwu_chatbot_get_list"
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
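To show how the rule's three-substring check behaves on actual log lines, here is an added Python example (not part of the original advisory, the plugin, or the feed's rule) that evaluates the intended contains-all logic over constructed W3C-format web server entries. The log lines, IP addresses, nonce values and the `fn=` parameter are constructed for illustration; the plugin's real request parameters are not documented on this page. The matcher percent-decodes the query and compares case-insensitively, as Sigma string matching does by default, so an encoded or differently cased variant of the same request is still caught, while a request carrying only two of the three markers is not.

```python
"""Evaluate the Sigma rule's 'cs-uri-query|contains|all' logic over sample
web server log lines. Added example; not the advisory's or the plugin's code."""
from urllib.parse import unquote_plus

# The three substrings the rule requires to appear together in cs-uri-query.
REQUIRED_SUBSTRINGS = ("getListForTbl", "_wpnonce", "aiwu_chatbot_get_list")

# Constructed sample log in W3C extended format (IIS-style field names).
# IPs, nonce values and the 'fn=' parameter are made up for illustration.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2026-05-12 12:20:01 203.0.113.10 GET /wp-admin/admin-ajax.php action=aiwu_chatbot_get_list&_wpnonce=deadbeef&fn=getListForTbl 200
2026-05-12 12:20:05 203.0.113.10 GET /wp-admin/admin-ajax.php action=AIWU_CHATBOT_GET_LIST&_wpnonce=deadbeef&fn=get%4CistForTbl 200
2026-05-12 12:21:00 198.51.100.7 GET /wp-admin/admin-ajax.php action=heartbeat&_wpnonce=cafef00d 200
2026-05-12 12:21:15 198.51.100.9 GET /wp-admin/admin-ajax.php action=aiwu_chatbot_get_list&fn=getListForTbl 200
2026-05-12 12:21:30 198.51.100.8 GET /index.php - 200
"""


def parse_w3c(text):
    """Yield one dict (field name -> value) per data line.

    Column order is taken from the '#Fields:' directive, so the parser is not
    tied to one layout. Assumes no field contains whitespace, which the W3C
    extended format guarantees by percent-encoding it.
    """
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other directive, or data before any header
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line; skip rather than misalign columns
        yield dict(zip(fields, values))


def sigma_contains_all(value, needles):
    """Mirror Sigma 'contains|all': every needle must occur in the value.
    Sigma string matching is case-insensitive by default, so lower both sides."""
    haystack = value.lower()
    return all(needle.lower() in haystack for needle in needles)


def entry_matches(entry):
    """Apply the rule's selection to one parsed log entry."""
    query = entry.get("cs-uri-query", "-")
    if query == "-":  # W3C logs write '-' for an absent field
        return False
    # Decode first, so a percent-encoded spelling of a marker still matches.
    return sigma_contains_all(unquote_plus(query), REQUIRED_SUBSTRINGS)


def find_matches(text):
    """Return the list of parsed entries that trigger the rule."""
    return [entry for entry in parse_w3c(text) if entry_matches(entry)]


if __name__ == "__main__":
    for hit in find_matches(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-uri-query"])
```

Run directly, it prints the two hits from 203.0.113.10; the heartbeat request and the request missing `_wpnonce` are left alone. Because `parse_w3c` reads the column order from the `#Fields:` header, the same functions work unchanged on real IIS-style logs with a different layout.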
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-2993 | SQLi | AI Chatbot & Workflow Automation by AIWU plugin for WordPress versions <= 1.4.17 |
| CVE-2026-2993 | SQLi | Vulnerable function: getListForTbl() |
| CVE-2026-2993 | SQLi | Attack vector: Unauthenticated SQL Injection |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 12, 2026 at 12:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.