CVE-2026-4375 PUBLISHED

DoLeads Integrator <= 1.2.2 & wp2epub <= 0.65 - Unauthenticated RCE

Assigner: WPScan
Reserved: 18.03.2026 Published: 07.07.2026 Updated: 07.07.2026

The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.

Product Status

Vendor Unknown
Product DoLeads Integrator
Versions Default: unknown
  • affected from 0 to 0.65 (incl.)
Vendor Unknown
Product wp2epub
Versions Default: unknown
  • affected from 0 to 0.65 (incl.)

Credits

  • Erwan LR (WPScan) finder
  • WPScan coordinator

References

Problem Types

  • CWE-94 Improper Control of Generation of Code ('Code Injection') CWE