Back to overview

CVE-2026-4375

Description
The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.

Metadata

CVE ID
CVE-2026-4375
State
PUBLISHED
Assigner
WPScan
Reserved
2026-03-18 12:16 UTC
Published
2026-07-07 06:00 UTC
Last updated
2026-07-07 06:00 UTC
Vendor / Product
Unknown / DoLeads Integrator
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (2)
VendorProductPlatformVersions
Unknown DoLeads Integrator 0 ≤ 0.65
Unknown wp2epub 0 ≤ 0.65
Weakness (CWE)
CWESourceDescription
cna CWE-94 Improper Control of Generation of Code ('Code Injection')
Back to overview