{
  "title": "CVE of the day — CVE-2026-9810 (CVSS 9,8, criticism)",
  "title_variants": [
    {
      "id": "v0",
      "title": "CVE of the day — CVE-2026-9810 (CVSS 9,8, criticism)"
    },
    {
      "id": "v1",
      "title": "CVSS 9,8"
    },
    {
      "id": "v2",
      "title": "CVE-2026-9810: critical vulnerability, CVSS 9.8/10, type management improper privileges,"
    }
  ],
  "description": "CVE-2026-9810: critical vulnerability, CVSS 9.8/10, type management improper privileges, exploitable remotely, without privileges, without user interaction. The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator..",
  "keywords": [
    "c",
    "cve-2026-9810",
    "vulnerability",
    "critical vulnerability",
    "♪",
    "cvs",
    "cybersecurity",
    "cybersecurity",
    "♪",
    "security update"
  ],
  "scenes": [
    {
      "title": "CVE-2026- 9810",
      "subtitle": "CVSS 9,8",
      "text": "CVE-2026-9810: Critical gravity, CVSS score 9,8 out of 10 according to the National Vulnerability Database."
    },
    {
      "title": "Management of improper privileges",
      "subtitle": "management improper privileges · CVSS v3.1",
      "text": "The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public.."
    },
    {
      "title": "EXPOSURE AND MITIGATION",
      "subtitle": "remotely exploitable, without privileges, without user interaction",
      "text": "Remotely exploitable Vulnerability, without privileges, without user interaction. Apply the update of the supplier promptly and consult the official notice on NVD."
    }
  ],
  "publication_date": "2026-07-19T00:04:37.423Z",
  "duration": 20,
  "topic": "cve",
  "lang": "en",
  "translation_group": "cve-2026-07-19",
  "poster": "cve-2026-07-19-en.jpg",
  "preview": "cve-2026-07-19-en.gif",
  "og_card": "cve-2026-07-19-en.og.jpg",
  "audiogram": "cve-2026-07-19-en.audiogram.mp4",
  "captions": "cve-2026-07-19-en.vtt",
  "generation": {
    "procedural": true,
    "ai_generated": [
      "background",
      "voice"
    ],
    "real_data_source": "official public API",
    "filmed_real_event": false,
    "disclosure": "Procedurally generated from real public-source data; abstract AI-generated backgrounds; synthetic (TTS) voice. No real event is filmed or altered."
  },
  "transcript_text": "CVE-2026-9810: Critical gravity, CVSS score 9,8 out of 10 according to the National Vulnerability Database. The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public.. Remotely exploitable Vulnerability, without privileges, without user interaction. Apply the update of the supplier promptly and consult the official notice on NVD.",
  "transcript": [
    {
      "start": 0,
      "end": 6.667,
      "text": "CVE-2026-9810: Critical gravity, CVSS score 9,8 out of 10 according to the National Vulnerability Database."
    },
    {
      "start": 6.667,
      "end": 13.333,
      "text": "The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public.."
    },
    {
      "start": 13.333,
      "end": 20,
      "text": "Remotely exploitable Vulnerability, without privileges, without user interaction. Apply the update of the supplier promptly and consult the official notice on NVD."
    }
  ]
}