AI-Powered Pipeline Uncovers Zero-Day SQL Injection in Popular WordPress Plugin
A team at **Intruder** has demonstrated the practical power of AI in vulnerability research, successfully automating the discovery and exploitation of a zero-day SQL injection in a WordPress plugin with over 300,000 users. This breakthrough showcases how current LLMs, when integrated into sophisticated pipelines, can find novel, exploitable vulnerabilities without human intervention. The findings underscore a rapidly evolving landscape where AI accelerates both offensive and defensive cybersecurity capabilities.

While much of the conversation around AI in vulnerability research remains theoretical, a recent experiment by the team at **Intruder** has provided a tangible example of its capabilities. Their work demonstrates how readily available Large Language Models (LLMs) can be leveraged to find real, exploitable vulnerabilities in production software today.
### The Challenge of AI in Code Scanning
A primary hurdle in pairing AI with code scanners is focus. LLMs excel at analyzing small code segments or specific problems, but struggle when pointed at an entire codebase. The sheer volume of data quickly fills the model's context, diluting its effectiveness and burying potential bugs in noise.
For complex, multi-stage vulnerabilities, maintaining the correct context across different code sections is crucial. Traditional code scanning frameworks, often used in Integrated Development Environments (IDEs) or Language Server Protocol (LSP) tools, address this through techniques like "find implementation" or call graphs. **Intruder** adopted a similar approach, which they term a "program slice," to provide LLMs with focused, relevant code segments.
### **Intruder**'s Automated Pipeline
**Intruder** developed a pipeline that integrates a code scanning engine, **Joern**, with LLMs to triage and exploit identified issues. The design draws inspiration from **nooperator**'s work on **Slice**, though **Intruder** utilizes **Joern** and a custom slicing algorithm tailored for specific vulnerability classes.
The pipeline was directed at the top 200 **WordPress** plugins β a target rich with code already scrutinized by bug bounty researchers, proving the process's ability to compete with human experts.

1. **Broad Pattern Identification**: **Joern** initially scans the codebase using loose rules to flag "interesting" patterns, erring on the side of false positives to avoid missing potential bugs.
2. **Unauthenticated Attack Surface**: For this experiment, the focus was on unauthenticated **WordPress** plugin attack surfaces. **Joern** identified all points where user input could affect a script, such as **REST** routes, template hooks, and `nopriv` **AJAX** calls.
3. **Code Slicing and Taint Tracking**: For each **WordPress** hook, **Joern** generates a "slice" β tracing the function calls down the chain. Basic taint tracking filters out obviously safe functions, like those with known-safe sanitizers for **SQL** and **XSS** inputs.
4. **Lightweight Triage**: Remaining slices are passed to a lightweight LLM (e.g., **Sonnet**) to filter out uninteresting hooks.
5. **Exploitability Assessment**: What's left goes to a heavier model (e.g., **Opus**) to assess exploitability, with the full relevant call context in memory.
6. **Automated Exploitation**: If deemed exploitable, a final exploitation agent attempts to write an exploit. This agent can access the full source if needed for targeted searches and spins up a **Docker** container to test the exploit in a live environment.
### The First Discovery: **CVE-2026-3985**
The pipeline's first significant find was **CVE-2026-3985**, a blind **SQL** injection vulnerability in the **Creative Mail** plugin. This vulnerability stood out for several reasons:
* **High Impact**: It grants attackers read access to the database, including admin hashes and secret tokens.
* **Chained Requests**: Exploitation requires multiple chained requests, making it harder for traditional tools to detect.
* **Evasion of Static Analysis**: The root cause was hidden from the developer's own static analysis due to a coding error.
Exploitation of **CVE-2026-3985** requires **WooCommerce** to be installed alongside **Creative Mail**. Given **WooCommerce**'s widespread use (over 7 million active installs), this combination is common, increasing the attack surface.

The exploitation agent successfully generated a working proof-of-concept, including a confirmation check and a full method for extracting password hashes from the database. The vulnerability was independently discovered and reported by Dmitrii Ignatyev of **CleanTalk Inc.** to **Wordfence**.
**Creative Mail** has since been removed from the **WordPress** store. Users running **Creative Mail** with **WooCommerce** are advised to disable the plugin immediately until a patch becomes available.
For comprehensive technical details, refer to **Intruder**'s full write-up.
### The Accelerating Pace of Vulnerability Discovery
This is just the initial success for **Intruder**'s pipeline, with more vulnerabilities currently under disclosure. The experiment highlights the undeniable and growing role of AI in vulnerability research.
As defenders build frameworks to maximize the potential of current AI models, attackers are also adopting similar tooling to feed AI high-signal input. This means the speed advantage demonstrated by **Intruder** is not exclusive to defensive efforts. The rapid acceleration of vulnerability discovery necessitates equally rapid advancements in detection capabilities.
**Intruder** plans to integrate vulnerabilities discovered by their "vending machine" into their platform, ensuring that subsequent scans can find and report these issues.