CVE-2026-4375
Received Received - Intake

Remote Code Execution in DoLeads Integrator WordPress Plugin

Vulnerability report for CVE-2026-4375, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: WPScan

Description

The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
do_leads integrator to 1.2.2 (inc)
wp2epub wp2epub to 0.65 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-4375 affects two WordPress plugins: DoLeads Integrator (versions 1.2.2 and below) and wp2epub (versions 0.65 and below).

Both plugins are vulnerable to unauthenticated Remote Code Execution (RCE) due to unclosed extensions from WordPress.org that can be exploited by unauthorized users.

This vulnerability allows attackers to execute arbitrary code on the affected WordPress sites without authentication.

Impact Analysis

The vulnerability allows attackers to execute arbitrary code remotely on your WordPress site if you are using the affected versions of the DoLeads Integrator or wp2epub plugins.

  • Attackers can gain control over your website.
  • They may be able to modify, delete, or steal data.
  • It can lead to site defacement, data breaches, or further attacks on your infrastructure.
Mitigation Strategies

There are currently no fixes available for the DoLeads Integrator and wp2epub WordPress plugins affected by this vulnerability.

Since the vulnerability allows unauthenticated Remote Code Execution (RCE) due to unclosed extensions from WordPress.org, immediate mitigation steps include removing or disabling these vulnerable plugins from your WordPress installation to prevent exploitation.

Additionally, monitor your WordPress site for any unauthorized plugin installations or suspicious activity and restrict plugin installation permissions to trusted administrators only.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4375. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart