CVE-2025-10901: 
WordPress vulnerability analysis and mitigation

The Originality.ai AI Checker plugin for WordPress contains a vulnerability (CVE-2025-10901) discovered in versions up to and including 1.0.12. The vulnerability was disclosed on October 23, 2025, and involves a missing authorization check that could allow unauthorized access to sensitive data (NVD).

The vulnerability stems from a missing capability check in the 'aigettable' function, which allows authenticated users with Subscriber-level access or higher to access sensitive information stored in the wporiginalityailog database table. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating a low-complexity attack requiring low privileges (Wordfence).

When exploited, this vulnerability allows authenticated attackers to access sensitive information stored in the wporiginalityailog database table. The exposed data includes post titles, scan scores, credits used, and other potentially sensitive information (NVD).

Website administrators running the Originality.ai AI Checker plugin should update to a version newer than 1.0.12 once available. Until then, it is recommended to review and potentially restrict user roles with access to the plugin's functionality (NVD).