Home

Description

The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.

PUBLISHED Reserved 2026-03-18 | Published 2026-07-07 | Updated 2026-07-07 | Assigner WPScan

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status
unknown

Any version
affected

Default status
unknown

Any version
affected

Credits

Erwan LR (WPScan) finder

WPScan coordinator

References

wpscan.com/...rability/dd043e6c-e6c6-4c8d-aab0-5265d28f5cf6/ exploit vdb-entry technical-description

cve.org (CVE-2026-4375)

nvd.nist.gov (CVE-2026-4375)

Download JSON