CVE-2026-4375
DoLeads Integrator <= 1.2.2 & wp2epub <= 0.65 - Unauthenticated RCE
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS 9EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
07 Jul 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
public PoCs found — 1
cve_referencewpscan.com/vulnerability/dd043e6c-e6c6-4c8d-aab0-5265d28f5cf6/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.