MEDIUM
wupsales
CVE published 2026-05-20
CVE-2026-2955
A stored cross-site scripting (XSS) vulnerability exists in the AI Chatbot & Workflow Automation by AIWU WordPress plugin (versions up to and including 1.4.14). The flaw stems from insufficient input sanitization and output escaping of the X-Forwarded-For HTTP header, allowing unauthenticated attackers to inject arbitrary web scripts. When a user accesses a page containing the injected payload, the script [truncated]