4.3
Unauthorized access to WordPress plugin's API settings possible
CVE-2026-1981
Summary
The HUMN-1 AI Website Scanner & Human Certification plugin for WordPress allows attackers with Subscriber-level access to change its API settings. This could lead to unauthorized access to sensitive data or disruptions to the plugin's functionality. Update the plugin to a version higher than 0.0.3 to fix this issue.
Original title
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winston_disconnect...
Original description
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winston_disconnect() function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's API connection settings via the 'winston_disconnect' AJAX action.
NVD CVSS 3.1
4.3
Vulnerability type
CWE-862
Missing Authorization
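The missing-capability-check pattern described above, next to a hardened handler. This is an added example, not the plugin's code or its actual patch; the function names, the `example_disconnect` action and nonce name, and the `example_api_key` option are hypothetical.

```php
<?php
// Added illustration only: not the plugin's source. The option name, action
// name and nonce action string below are hypothetical placeholders.

// Pattern the advisory describes (CWE-862): a handler reached through a
// wp_ajax_* hook, which WordPress dispatches for ANY logged-in user
// (Subscriber included), changes settings without checking the caller's role.
function example_disconnect_unchecked() {
    delete_option( 'example_api_key' ); // hypothetical stored API setting
    wp_send_json_success();
}

// Hardened form of the same handler.
function example_disconnect_checked() {
    // 1. Authorization: only users who may manage site options proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. Request intent: require a valid nonce so the action cannot be
    //    triggered cross-site. With the third argument false,
    //    check_ajax_referer() returns false instead of terminating.
    if ( ! check_ajax_referer( 'example_disconnect', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    delete_option( 'example_api_key' );
    wp_send_json_success();
}

// Register only the checked handler, and only on the authenticated hook.
// There is deliberately no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_example_disconnect', 'example_disconnect_checked' );
```

The nonce alone is not an authorization control, since any logged-in user who can load a page that prints it can submit it; the `current_user_can()` check is what closes the Subscriber-level path.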
- https://plugins.trac.wordpress.org/browser/winston-ai-wp/tags/0.0.3/ajax/Ajax_Ad...
- https://plugins.trac.wordpress.org/browser/winston-ai-wp/tags/0.0.3/ajax/Ajax_Ad...
- https://plugins.trac.wordpress.org/browser/winston-ai-wp/trunk/ajax/Ajax_Admin.p...
- https://plugins.trac.wordpress.org/browser/winston-ai-wp/trunk/ajax/Ajax_Admin.p...
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b1a82073-ab63-42dd-9bc...
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026