CVE-2026-7522
Local File Inclusion in Advanced Database Cleaner β Premium WordPress Plugin
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Wordfence
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sigmaplugin | advanced_database_cleaner | up to and including 4.1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Advanced Database Cleaner β Premium plugin for WordPress has a Local File Inclusion (LFI) vulnerability in versions up to and including 4.1.0. This vulnerability exists in the 'template' parameter, which allows authenticated users with Subscriber-level access or higher to include and execute arbitrary PHP files on the server.
By exploiting this vulnerability, an attacker can run any PHP code contained in those files, potentially bypassing access controls, accessing sensitive data, or executing malicious code on the server.
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized code execution on your server. An attacker with minimal privileges (Subscriber-level) can exploit it to run arbitrary PHP code, which may lead to bypassing security controls, stealing sensitive information, or taking full control of the affected WordPress site.
Such exploitation can compromise the integrity, confidentiality, and availability of your website and its data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Advanced Database Cleaner β Premium plugin to version 4.1.1 or later, which contains the fix for this issue.
Additionally, restrict or review user permissions to ensure that only trusted users have Subscriber-level access or higher, since the vulnerability requires authenticated access.
Consider monitoring and auditing your WordPress installation for any suspicious activity related to file inclusion or PHP code execution.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary PHP files on the server. This can lead to bypassing access controls and obtaining sensitive data.
Such unauthorized access and potential data exposure could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive data and preventing unauthorized access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Local File Inclusion via the 'template' parameter in the Advanced Database Cleaner β Premium WordPress plugin versions up to 4.1.0. Detection typically involves monitoring for suspicious HTTP requests that include the 'template' parameter with unexpected or malicious values.
To detect exploitation attempts on your network or system, you can inspect web server logs for requests targeting the vulnerable plugin endpoints that include the 'template' parameter. For example, using command-line tools like grep on Apache or Nginx access logs:
- `grep -i 'template=' /var/log/apache2/access.log`
- `grep -i 'template=' /var/log/nginx/access.log`
Additionally, you can use tools like curl or wget to test if the plugin is vulnerable by sending crafted requests with the 'template' parameter to see if arbitrary PHP files can be included or executed. However, such testing should only be done in a controlled environment with proper authorization.
Since the vulnerability requires authenticated access at Subscriber level or above, monitoring for unusual authenticated user activity or unexpected file inclusions in the plugin's directory may also help detect exploitation.
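The grep commands above match every request carrying a 'template' parameter, including legitimate ones. The following script, added here as an illustration and not part of the advisory or the plugin, parses combined-format access-log lines, decodes the 'template' value (including double percent-encoding) and flags only values that look like file-inclusion attempts. The log lines and the admin page path are constructed samples; the plugin's real endpoint is not given on this page.

```python
"""Flag access-log requests whose 'template' parameter looks like an LFI attempt."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/Nginx combined format: client, identity, user, [time], "METHOD target proto", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')

# Indicators checked against the fully decoded parameter value
TRAVERSAL = re.compile(r'(\.\./|\.\.\\)')          # directory climbing
ABSOLUTE = re.compile(r'^(/|[a-zA-Z]:\\)')         # absolute filesystem path
PHP_FILE = re.compile(r'\.php(\?|$)', re.IGNORECASE)  # points at a PHP source file

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e%252f is seen as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the list of LFI indicators found in one parameter value (empty if clean)."""
    v = decode_fully(value)
    reasons = []
    if TRAVERSAL.search(v):
        reasons.append('path-traversal')
    if ABSOLUTE.match(v):
        reasons.append('absolute-path')
    if PHP_FILE.search(v):
        reasons.append('php-file')
    return reasons

def find_suspicious(lines, param='template'):
    """Scan log lines; return one dict per request whose `param` value is suspicious."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        query = parse_qs(urlsplit(m['target']).query, keep_blank_values=True)
        for value in query.get(param, []):  # parse_qs already decoded one layer
            reasons = classify(value)
            if reasons:
                hits.append({'ip': m['ip'], 'time': m['time'], 'status': int(m['status']),
                             'value': decode_fully(value), 'reasons': reasons})
    return hits

# Constructed sample log: one benign request, two suspicious ones, one unrelated login.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/May/2026:10:12:01 +0000] "GET /wp-admin/admin.php?page=example-page&template=dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [20/May/2026:10:12:09 +0000] "GET /wp-admin/admin.php?page=example-page&template=../../../../wp-config.php HTTP/1.1" 200 913 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [20/May/2026:10:13:44 +0000] "GET /wp-admin/admin.php?page=example-page&template=%252e%252e%252fuploads%252fscript.php HTTP/1.1" 200 44 "-" "curl/8.0"',
    '203.0.113.5 - - [20/May/2026:10:14:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "curl/8.0"',
]

if __name__ == '__main__':
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} status={hit['status']} template={hit['value']!r} {hit['reasons']}")
```

Hits from the same client that also show a fresh login or a 200 response are worth correlating with the WordPress user that session belonged to, since exploitation requires an authenticated account.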