{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-7522/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7522"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Advanced Database Cleaner – Premium plugin \u003c= 4.1.0"],"_cs_severities":["high"],"_cs_tags":["wordpress","lfi","cve-2026-7522","local-file-inclusion"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe Advanced Database Cleaner – Premium plugin for WordPress is susceptible to a Local File Inclusion (LFI) vulnerability, identified as CVE-2026-7522. This flaw affects versions up to and including 4.1.0. Authenticated attackers, possessing at least Subscriber-level privileges, can exploit this vulnerability by manipulating the \u0026lsquo;template\u0026rsquo; parameter. This manipulation allows the inclusion and execution of arbitrary PHP files residing on the server. Successful exploitation can lead to bypassing access controls, obtaining sensitive data, or, if the attacker can upload PHP files, achieving arbitrary code execution on the target system. This vulnerability poses a significant risk to WordPress sites using the affected plugin versions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains Subscriber-level or higher access to the WordPress instance. This could be through compromised credentials or by registering a new user account.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the vulnerable \u0026lsquo;template\u0026rsquo; parameter within the Advanced Database Cleaner – Premium plugin.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a path to a local PHP file that the attacker wants to include and execute. This could be an existing file on the server or a file previously uploaded by the attacker through another vulnerability or misconfiguration.\u003c/li\u003e\n\u003cli\u003eThe WordPress application processes the request and includes the specified PHP file, effectively executing the code within that file.\u003c/li\u003e\n\u003cli\u003eIf the included PHP file contains malicious code, it will be executed with the permissions of the web server user.\u003c/li\u003e\n\u003cli\u003eThe attacker can leverage the executed code to perform various malicious actions, such as reading sensitive files, creating new administrative users, or injecting malicious code into other parts of the WordPress site.\u003c/li\u003e\n\u003cli\u003eThe attacker might establish persistent access by creating a backdoor or modifying existing files to maintain control over the compromised system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this LFI vulnerability could allow attackers to bypass access controls and gain unauthorized access to sensitive information stored on the WordPress server, including database credentials, configuration files, and user data. Furthermore, in scenarios where attackers can upload PHP files, they can achieve arbitrary code execution, potentially leading to complete system compromise. The impact ranges from data theft and defacement to full control of the web server, affecting all sites hosted on the server.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a version of the Advanced Database Cleaner – Premium plugin that is not vulnerable to CVE-2026-7522.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2026-7522 Exploitation - Advanced Database Cleaner Premium LFI\u003c/code\u003e to identify exploitation attempts targeting the vulnerable \u0026lsquo;template\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing the \u0026lsquo;template\u0026rsquo; parameter with unusual file paths, which may indicate LFI attempts.\u003c/li\u003e\n\u003cli\u003eRestrict file upload permissions to prevent unauthorized users from uploading malicious PHP files.\u003c/li\u003e\n\u003cli\u003eImplement strong password policies and multi-factor authentication to protect WordPress user accounts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-20T05:16:58Z","date_published":"2026-05-20T05:16:58Z","id":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-adc-premium-lfi/","summary":"The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion (LFI) in versions up to 4.1.0, allowing authenticated attackers with subscriber-level access to include and execute arbitrary PHP files on the server via the 'template' parameter, potentially leading to access control bypass, sensitive data access, or code execution.","title":"Advanced Database Cleaner Premium WordPress Plugin Vulnerable to Local File Inclusion (CVE-2026-7522)","url":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-adc-premium-lfi/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-7522","version":"https://jsonfeed.org/version/1.1"}