CVE-2026-4375 in Integrator Plugin
Summary
by MITRE • 07/07/2026
The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/07/2026
The DoLeads Integrator and wp2epub WordPress plugins versions up to 0.65 contain critical vulnerabilities that enable remote code execution when installed on WordPress sites. These vulnerabilities arise from improper access controls and lack of proper validation during plugin installation processes, allowing unauthorized users to exploit the system and gain administrative privileges.
The technical flaw stems from the plugins' failure to implement proper authentication checks when processing plugin installations or updates from wordpress.org. Attackers can leverage this weakness by crafting malicious requests that bypass normal installation restrictions, effectively enabling them to install arbitrary code on compromised WordPress instances. This vulnerability specifically affects the plugin management system's handling of extension installations, where input validation is insufficient to prevent unauthorized modifications.
The operational impact of these vulnerabilities is severe and far-reaching for affected WordPress installations. Once exploited, attackers can execute arbitrary commands on the web server with the privileges of the WordPress application user. This level of access allows for complete compromise of the affected site, including data exfiltration, defacement, or deployment of additional malicious payloads. The vulnerabilities are particularly dangerous because they enable attackers to install plugins without proper authorization, creating persistent backdoors and maintaining long-term access to compromised systems.
Organizations should immediately update to patched versions of both plugins if available, as the vulnerabilities have been identified and documented in security advisories. System administrators must also implement network-level restrictions to prevent unauthorized plugin installations and monitor for suspicious plugin activity. According to CWE standards, this vulnerability relates to CWE-20: Improper Input Validation and CWE-79: Cross-Site Scripting, while ATT&CK framework categorizes it under T1190: Exploit Public-Facing Application and T1059: Command and Scripting Interpreter techniques. Additional mitigations include implementing web application firewalls, restricting plugin installation capabilities to trusted administrators only, and conducting regular security audits of installed plugins to identify potential malicious modifications.