CVE-2026-22390
Code Injection Vulnerability in Builderall WordPress Plugin
Publication date: 2026-03-05
Last updated on: 2026-03-10
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| builderall | builderall_builder_for_wordpress | up to and including 3.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22390 is a Remote Code Execution (RCE) vulnerability in the WordPress plugin "Builderall Builder for WordPress" versions up to and including 3.0.1.
This vulnerability is caused by improper control of code generation, classified as a code injection issue under OWASP Top 10 A3: Injection.
It allows a malicious actor with at least Contributor or Developer privileges to execute arbitrary commands on the target website. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to backdoor access and full control over the compromised WordPress site.
An attacker could execute arbitrary commands, potentially leading to data theft, site defacement, or further attacks on the hosting environment.
Because the vulnerability has a high CVSS severity score of 9.9, it is highly dangerous and likely to be exploited.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
CVE-2026-22390 is a Remote Code Execution vulnerability in the Builderall Builder for WordPress plugin versions up to 3.0.1, exploitable by users with Contributor or Developer privileges. Detection typically involves monitoring for unusual or unauthorized command execution attempts or suspicious activity related to this plugin.
Since no official patch is available and the vulnerability allows arbitrary command execution, detection can include checking for unexpected changes or backdoor files on the WordPress site, reviewing logs for suspicious requests targeting the plugin, and monitoring user activity for privilege abuse.
Specific commands are not provided in the available resources. However, general detection steps might include:
- Review web server access logs for suspicious POST requests to plugin endpoints.
- Use WordPress security plugins or tools to scan for modified or unknown files.
- Check for unexpected processes or command executions on the server related to the web server user.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack mitigation rule designed to block attacks targeting this vulnerability until an official patch is released.
Additionally, restrict user privileges by ensuring that only trusted users have Contributor or Developer roles, as exploitation requires these privileges.
Monitoring and hardening the WordPress environment, disabling or removing the vulnerable plugin if possible, and keeping backups are also recommended.