2 min read

Intruder says AI found a WordPress zero-day end to end

Intruder says its LLM-based pipeline found and exploited a WordPress plugin flaw with no human in the loop, starting with the top 200 plugins.

Image: BleepingComputer

Intruder says it built an automated pipeline that can find and exploit real software vulnerabilities using current LLMs, and its first reported result is CVE-2026-3985, a SQL injection bug in the Creative Mail WordPress plugin. In a sponsored post on BleepingComputer, Sam Pizzey, Security Engineer at Intruder, said the system discovered a remote, multi-stage flaw in a plugin with more than 300,000 users, with no human in the loop from discovery through exploitation.

The company argues that simply pointing an LLM at an entire codebase is both expensive and noisy. Instead, it uses what it calls program slices: narrowed sets of relevant functions and call chains pulled from a code scanning engine, so the model sees only the code tied to a possible vulnerability.

According to Intruder, the pipeline starts by running Joern against a codebase using broad rules meant to catch potentially interesting patterns. For this test, it targeted unauthenticated WordPress plugin attack surfaces, including REST routes, template hooks, and nopriv AJAX calls. Joern then generated slices for each hook, tracing the called function and the methods further down the chain, while basic taint tracking filtered out code paths already protected by known-safe sanitizers.

Recommended reading

AI won’t replace penetration testers just yet

Flow chart
Flow chart

Intruder said a lighter model, Sonnet, handled initial triage, filtering out obviously benign findings. More promising cases were then passed to Opus to judge exploitability with the relevant call context in memory. If the model decided a bug looked exploitable, a final agent attempted to write an exploit, using targeted source searches and a Docker container running the software for testing.

The company said it aimed the system at the top 200 WordPress plugins, reasoning that these projects had already been heavily examined by bug bounty researchers. The first issue it found, CVE-2026-3985, affects Creative Mail when WooCommerce is also installed. Intruder described the impact as database read access, including admin hashes and secret tokens, and said the exploit required multiple chained requests, making it harder for traditional tooling to catch.

Intruder said its exploitation agent produced a working proof of concept in one shot, including a verification check and a method for extracting password hashes from the database. The company also noted that the same flaw was found independently by Dmitrii Ignatyev of CleanTalk Inc., who reported it to Wordfence.

At the time of publication, the Creative Mail plugin had been pulled from the WordPress store pending review. Intruder advises users running Creative Mail alongside WooCommerce to disable the plugin until a patch is available.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via BleepingComputer

// Keep reading