<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Advanced Database Cleaner – Premium Plugin &lt;= 4.1.0 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/advanced-database-cleaner--premium-plugin--4.1.0/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 20 May 2026 05:16:58 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/advanced-database-cleaner--premium-plugin--4.1.0/feed.xml" rel="self" type="application/rss+xml"/><item><title>Advanced Database Cleaner Premium WordPress Plugin Vulnerable to Local File Inclusion (CVE-2026-7522)</title><link>https://feed.craftedsignal.io/briefs/2026-05-wordpress-adc-premium-lfi/</link><pubDate>Wed, 20 May 2026 05:16:58 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-05-wordpress-adc-premium-lfi/</guid><description>The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion (LFI) in versions up to 4.1.0, allowing authenticated attackers with subscriber-level access to include and execute arbitrary PHP files on the server via the 'template' parameter, potentially leading to access control bypass, sensitive data access, or code execution.</description><content:encoded><![CDATA[<p>The Advanced Database Cleaner – Premium plugin for WordPress is susceptible to a Local File Inclusion (LFI) vulnerability, identified as CVE-2026-7522. This flaw affects versions up to and including 4.1.0. 
Authenticated attackers, possessing at least Subscriber-level privileges, can exploit this vulnerability by manipulating the &lsquo;template&rsquo; parameter. This manipulation allows the inclusion and execution of arbitrary PHP files residing on the server. Successful exploitation can lead to bypassing access controls, obtaining sensitive data, or, if the attacker can upload PHP files, achieving arbitrary code execution on the target system. This vulnerability poses a significant risk to WordPress sites using the affected plugin versions.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker gains Subscriber-level or higher access to the WordPress instance. This could be through compromised credentials or by registering a new user account.</li>
<li>The attacker crafts a malicious HTTP request targeting the vulnerable &lsquo;template&rsquo; parameter within the Advanced Database Cleaner – Premium plugin.</li>
<li>The crafted request includes a path to a local PHP file that the attacker wants to include and execute. This could be an existing file on the server or a file previously uploaded by the attacker through another vulnerability or misconfiguration.</li>
<li>The WordPress application processes the request and includes the specified PHP file, effectively executing the code within that file.</li>
<li>If the included PHP file contains malicious code, it will be executed with the permissions of the web server user.</li>
<li>The attacker can leverage the executed code to perform various malicious actions, such as reading sensitive files, creating new administrative users, or injecting malicious code into other parts of the WordPress site.</li>
<li>The attacker might establish persistent access by creating a backdoor or modifying existing files to maintain control over the compromised system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this LFI vulnerability could allow attackers to bypass access controls and gain unauthorized access to sensitive information stored on the WordPress server, including database credentials, configuration files, and user data. Furthermore, in scenarios where attackers can upload PHP files, they can achieve arbitrary code execution, potentially leading to complete system compromise. The impact ranges from data theft and defacement to full control of the web server, affecting all sites hosted on the server.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the patch or upgrade to a version of the Advanced Database Cleaner – Premium plugin that is not vulnerable to CVE-2026-7522.</li>
<li>Deploy the Sigma rule <code>Detect CVE-2026-7522 Exploitation - Advanced Database Cleaner Premium LFI</code> to identify exploitation attempts targeting the vulnerable &lsquo;template&rsquo; parameter.</li>
<li>Monitor web server logs for suspicious requests containing the &lsquo;template&rsquo; parameter with unusual file paths, which may indicate LFI attempts.</li>
<li>Restrict file upload permissions to prevent unauthorized users from uploading malicious PHP files.</li>
<li>Implement strong password policies and multi-factor authentication to protect WordPress user accounts.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>wordpress</category><category>lfi</category><category>cve-2026-7522</category><category>local-file-inclusion</category></item></channel></rss>