{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-7467/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7467"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Read More \u0026 Accordion plugin \u003c= 3.5.7"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","wordpress","CVE-2026-7467"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe Read More \u0026amp; Accordion plugin, versions 3.5.7 and earlier, contains a privilege escalation vulnerability (CVE-2026-7467). The vulnerability resides within the \u003ccode\u003eRadMoreAjax::importData\u003c/code\u003e function. Insufficient input validation and a lack of restrictions on which database tables the import process may write to allow an authenticated attacker, whose role has been granted access to the plugin\u0026rsquo;s import feature, to write to critical database tables. By inserting arbitrary rows into the \u003ccode\u003ewp_users\u003c/code\u003e and \u003ccode\u003ewp_usermeta\u003c/code\u003e tables, including a \u003ccode\u003ewp_capabilities\u003c/code\u003e meta entry that grants the administrator role, the attacker can create a rogue administrator account and gain complete administrative control over the affected WordPress site.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains authenticated access to a WordPress site. This access level must have the permission to use the Read More \u0026amp; Accordion plugin\u0026rsquo;s import feature.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload designed to create a new administrator user. 
This payload includes entries for the \u003ccode\u003ewp_users\u003c/code\u003e and \u003ccode\u003ewp_usermeta\u003c/code\u003e tables.\u003c/li\u003e\n\u003cli\u003eThe malicious payload is submitted to the \u003ccode\u003eRadMoreAjax::importData\u003c/code\u003e function through the plugin\u0026rsquo;s import functionality.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eRadMoreAjax::importData\u003c/code\u003e function neither validates the submitted data nor restricts which tables it writes to, so the attacker\u0026rsquo;s crafted entries are processed as submitted.\u003c/li\u003e\n\u003cli\u003eThe plugin inserts the attacker\u0026rsquo;s rows into \u003ccode\u003ewp_users\u003c/code\u003e and \u003ccode\u003ewp_usermeta\u003c/code\u003e, creating a new user account.\u003c/li\u003e\n\u003cli\u003eAmong the \u003ccode\u003ewp_usermeta\u003c/code\u003e rows is a \u003ccode\u003ewp_capabilities\u003c/code\u003e entry whose serialized value grants the new user the administrator role.\u003c/li\u003e\n\u003cli\u003eThe attacker logs in to the WordPress site using the newly created administrator account.\u003c/li\u003e\n\u003cli\u003eThe attacker now has full control over the compromised WordPress site, including the ability to install plugins, modify themes, and access sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7467 allows an attacker to gain complete administrative control over a WordPress website. This can lead to data theft, website defacement, malware distribution, and other malicious activities. The severity is high because exploitation requires nothing more than an authenticated account with access to the import feature, and the outcome is complete compromise of the site. 
The number of potentially affected websites is significant, as the Read More \u0026amp; Accordion plugin is a widely used WordPress plugin.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Read More \u0026amp; Accordion plugin to a version greater than 3.5.7 to patch CVE-2026-7467.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect CVE-2026-7467 Exploitation Attempt via Read More \u0026amp; Accordion Plugin Import\u0026rdquo; to detect attempts to exploit this vulnerability in real time.\u003c/li\u003e\n\u003cli\u003eReview user roles and permissions within WordPress so that only trusted users can reach the plugin\u0026rsquo;s import feature, and audit the existing administrator accounts for any that no known operator created, since a rogue administrator is the artefact this exploitation leaves behind.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-20T02:19:22Z","date_published":"2026-05-20T02:19:22Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7467-wordpress-privesc/","summary":"The Read More \u0026 Accordion plugin for WordPress is vulnerable to privilege escalation due to insufficient restrictions on database table writes and data validation during import, allowing authenticated attackers to create administrator accounts.","title":"CVE-2026-7467: WordPress Read More \u0026 Accordion Plugin Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7467-wordpress-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-7467","version":"https://jsonfeed.org/version/1.1"}
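The attack chain in the brief above ends with attacker-written rows in wp_users and wp_usermeta, and the recommendations ask for a review of roles. The script below is an added example, not code from the CraftedSignal brief or from the Read More & Accordion plugin: it audits a WordPress database for administrator accounts that are not on an operator-maintained allowlist or were registered after a known-good baseline date, which is the post-exploitation check a responder would run. It parses the PHP-serialized wp_capabilities value properly instead of substring-matching, so a capabilities array that merely mentions the word administrator in another key is not misreported. The database is an in-memory SQLite stand-in with constructed rows (not real data); the table prefix default of wp_, the allowlist and the baseline timestamp are assumptions you replace with your own, and against MySQL only the connection and the parameter placeholder style change.

```python
# Added example, not from the advisory or the plugin. Finds unexpected WordPress
# administrator accounts, the artefact CVE-2026-7467 exploitation leaves behind.
import sqlite3


def parse_php_serialized(data, pos=0):
    # Minimal parser for the subset of PHP serialize() output WordPress uses for
    # wp_capabilities: arrays (a), strings (s), booleans (b), integers (i).
    # Returns (value, next_position). Raises ValueError on malformed input.
    # String lengths are byte counts in PHP; this assumes ASCII role names.
    t = data[pos]
    if t == 'a':                              # a:<count>:{<key><value>...}
        colon = data.index(':', pos + 2)
        count = int(data[pos + 2:colon])
        p = colon + 2                         # skip ':{'
        result = {}
        for _ in range(count):
            key, p = parse_php_serialized(data, p)
            val, p = parse_php_serialized(data, p)
            result[key] = val
        if data[p] != '}':
            raise ValueError('array not closed at %d' % p)
        return result, p + 1
    if t == 's':                              # s:<len>:"<chars>";
        colon = data.index(':', pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                     # skip ':"'
        end = start + length
        if data[end:end + 2] != '";':
            raise ValueError('bad string terminator at %d' % end)
        return data[start:end], end + 2
    if t == 'b':                              # b:0; or b:1;
        return data[pos + 2] == '1', pos + 4
    if t == 'i':                              # i:<int>;
        semi = data.index(';', pos)
        return int(data[pos + 2:semi]), semi + 1
    raise ValueError('unsupported type %r at %d' % (t, pos))


def admin_accounts(conn, prefix='wp_'):
    # Every user whose capabilities meta grants the administrator role. WordPress
    # stores the role map under the meta key '<table prefix>capabilities'.
    rows = conn.execute(
        'SELECT u.ID, u.user_login, u.user_email, u.user_registered, m.meta_value '
        'FROM {p}users u JOIN {p}usermeta m ON m.user_id = u.ID '
        'WHERE m.meta_key = ? ORDER BY u.ID'.format(p=prefix),
        (prefix + 'capabilities',)).fetchall()
    admins = []
    for uid, login, email, registered, caps in rows:
        try:
            parsed, _ = parse_php_serialized(caps)
        except (ValueError, IndexError):      # malformed meta: treat as no roles
            parsed = {}
        if isinstance(parsed, dict) and parsed.get('administrator') is True:
            admins.append({'id': uid, 'login': login, 'email': email,
                           'registered': registered})
    return admins


def rogue_admins(conn, expected_logins, baseline, prefix='wp_'):
    # Flag administrators missing from the allowlist (assumed to be maintained by
    # the site operator) or registered after `baseline`, an assumed ISO-style
    # 'YYYY-MM-DD HH:MM:SS' timestamp of the last known-good review.
    flagged = []
    for a in admin_accounts(conn, prefix):
        reasons = []
        if a['login'] not in expected_logins:
            reasons.append('not in allowlist')
        if a['registered'] > baseline:        # same format, so string order works
            reasons.append('registered after baseline')
        if reasons:
            flagged.append((a['login'], reasons))
    return flagged


def build_sample_db():
    # Constructed fixture, not real data: two legitimate users plus one account
    # shaped like the rows the import abuse would write (fresh registration,
    # administrator role, throwaway e-mail).
    conn = sqlite3.connect(':memory:')
    conn.executescript('''
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
            user_email TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
            meta_key TEXT, meta_value TEXT);
    ''')
    conn.executemany('INSERT INTO wp_users VALUES (?,?,?,?)', [
        (1, 'siteowner', 'owner@example.test', '2023-01-10 09:00:00'),
        (2, 'editor1', 'editor@example.test', '2024-03-02 12:30:00'),
        (3, 'svc_backup', 'x@example.test', '2026-05-19 23:41:07'),
    ])
    conn.executemany('INSERT INTO wp_usermeta VALUES (?,?,?,?)', [
        (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
        (2, 2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
        (3, 3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
    ])
    return conn


if __name__ == '__main__':
    db = build_sample_db()
    for login, why in rogue_admins(db, {'siteowner'}, '2026-05-01 00:00:00'):
        print(login, '->', ', '.join(why))
```

Run it against a dump of the real tables rather than the live database where possible, and treat a hit as a trigger for the rest of the response (session invalidation, password resets, review of plugins and themes installed since the registration time), not as the whole investigation: an attacker who already holds administrator rights can also edit an existing account's capabilities, so compare the capabilities of known accounts against a previous snapshot as well.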