PatchSiren cyber security CVE debrief
CVE-2026-4375 DoLeads CVE debrief
The CVE record for CVE-2026-4375 was published on 2026-07-07T06:16:22.360Z and has not been modified since then. The NVD entry is currently Received. This debrief provides defensive context based on available information. The DoLeads Integrator WordPress plugin through 0.65 and wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE once added to a blog, potentially using vulnerabilities in unclosed extensions from wordpress.org that can be installed by unauthorized users. Defenders should review their inventory and apply patches or mitigations as necessary.
- Vendor
- DoLeads
- Product
- DoLeads Integrator WordPress plugin
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Defenders of WordPress installations using the DoLeads Integrator and wp2epub plugins should review their inventory and apply patches or mitigations as necessary. This includes administrators, security teams, and IT personnel responsible for maintaining WordPress installations and ensuring the security of their environments.
Technical summary
The DoLeads Integrator WordPress plugin through 0.65 and wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE once added to a blog, potentially using vulnerabilities in unclosed extensions from wordpress.org that can be installed by unauthorized users. This could allow attackers to execute arbitrary code on affected systems, potentially leading to significant impacts on data confidentiality, integrity, and availability.
Defensive priority
Medium priority due to potential for remote code execution and significant impact on data confidentiality, integrity, and availability.
Recommended defensive actions
- Inventory and patch management for WordPress plugins
- Restrict installation of unclosed extensions from wordpress.org
- Monitor for suspicious activity related to DoLeads Integrator and wp2epub plugins
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
Evidence is limited; primary official records indicate potential for RCE but details are sparse. Defenders should verify the accuracy of the information and review available sources for CVE-2026-4375, including official CVE and NVD records, and consider the potential for remote code execution in WordPress installations using the DoLeads Integrator and wp2epub plugins.
Official resources
-
CVE-2026-4375 CVE record
CVE.org
-
CVE-2026-4375 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T06:16:22.360Z and has not been modified since then. The NVD entry is currently Received.