PatchSiren cyber security CVE debrief
CVE-2026-7467 edmonparker CVE debrief
The Read More & Accordion plugin for WordPress is vulnerable to privilege escalation in all versions up to and including 3.5.7. The vulnerability exists in the `RadMoreAjax::importData` function, which fails to restrict which database tables can be written to during import operations and does not properly validate imported data. This allows authenticated attackers with permissions granted through the plugin's role settings to insert arbitrary rows into the `wp_users` and `wp_usermeta` tables, including the `wp_capabilities` field, enabling creation of a new administrator account and full site compromise. The CVSS 3.1 score of 8.8 reflects high impact across confidentiality, integrity, and availability with low attack complexity. The CVE was published on May 20, 2026, with a subsequent modification on the same day. No known exploitation in ransomware campaigns has been documented.
- Vendor: edmonparker
- Product: Read More & Accordion
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-20
- Original CVE updated: 2026-05-20
- Advisory published: 2026-05-20
- Advisory updated: 2026-05-20
Who should care
WordPress site administrators using the Read More & Accordion plugin; security teams monitoring WordPress plugin vulnerabilities; managed service providers hosting WordPress environments
Technical summary
The vulnerability stems from insufficient access control (CWE-269) in the plugin's data import functionality. The `RadMoreAjax::importData` method accepts user-supplied data for database insertion without validating the target table or sanitizing row content. This enables attackers with plugin-granted permissions to craft import payloads that write directly to WordPress core tables, specifically injecting administrator-capable user records. The attack requires network access and valid authentication with plugin-specific permissions, but no user interaction. Successful exploitation grants complete site administrative control.
Defensive priority
HIGH
Recommended defensive actions
- Update the Read More & Accordion plugin to version 3.5.8 or later immediately
- Review user accounts and roles for unauthorized administrator-level access created since plugin installation
- Audit plugin role settings to ensure minimal necessary permissions are granted to non-administrator users
- Implement database activity monitoring to detect unauthorized writes to the `wp_users` and `wp_usermeta` tables
- Consider disabling the plugin's import functionality if not required until patching is complete
- Review web server access logs for suspicious import-related requests to `RadMoreAjax` endpoints
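The account review above can be run as a single query against the site's database. The following is an added example, not code from the plugin or from PatchSiren: it builds an in-memory SQLite copy of `wp_users` and `wp_usermeta` from constructed sample rows and flags administrator-capable accounts registered on or after a baseline date (for a real site, the date the plugin was installed). It assumes the default `wp_` table prefix; the query itself is plain SQL and runs unchanged against MySQL once the prefix matches.

```python
import sqlite3

# Constructed sample rows standing in for a site's wp_users / wp_usermeta tables.
# "alice" is the legitimate admin; "wp_svc_helper" is an injected row that an
# importData-style write could have created and should be flagged.
SAMPLE_USERS = [
    (1, "alice", "2024-01-10 09:00:00"),
    (2, "bob", "2024-03-02 12:30:00"),
    (3, "wp_svc_helper", "2026-05-19 23:41:07"),
]
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

# wp_capabilities is a PHP-serialized array; matching the quoted role name is
# enough to catch accounts that carry the administrator capability.
AUDIT_SQL = """
SELECT u.ID, u.user_login, u.user_registered, m.meta_value
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
  AND u.user_registered >= ?
ORDER BY u.user_registered
"""


def load_sample_db():
    """Create an in-memory database with the two core tables and the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                                  meta_key TEXT, meta_value TEXT);
    """)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.executemany(
        "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)",
        SAMPLE_USERMETA,
    )
    return conn


def find_new_admins(conn, installed_since):
    """Return (ID, login, registered) for administrator accounts registered on/after installed_since."""
    rows = conn.execute(AUDIT_SQL, (installed_since,)).fetchall()
    return [(row[0], row[1], row[2]) for row in rows]


if __name__ == "__main__":
    for hit in find_new_admins(load_sample_db(), "2026-01-01 00:00:00"):
        print("administrator account to review:", hit)
```

Any account the query returns that was not created through the normal user-management flow should be disabled and its origin traced in the access logs.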
Evidence notes
Vulnerability confirmed through code review of RadMoreAjax.php at line 62 in version 3.5.5, demonstrating lack of table restriction and data validation in import functionality. Wordfence security advisory provides additional technical context.