← back
CVE-2026-4375

DoLeads Integrator <= 1.2.2 & wp2epub <= 0.65 - Unauthenticated RCE

CVSS 9 CRITICALEPSS 0.2%
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS 9EPSS 0.2%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
07 Jul 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.