Plateforme
wordpress
Composant
builderall-cheetah-for-wp
Corrigé dans
3.0.2
CVE-2026-22390 describes a Remote Code Execution (RCE) vulnerability within the Builderall Builder for WordPress plugin. This flaw allows attackers to inject arbitrary code, potentially gaining complete control over the affected WordPress site. The vulnerability impacts versions from 0.0.0 up to and including 3.0.1. A fix is expected from Builderall, and users are advised to monitor for updates.
The impact of this RCE vulnerability is severe. A successful exploit allows an attacker to execute arbitrary code on the web server hosting the WordPress site. This could lead to complete compromise of the site, including data theft, defacement, malware installation, and lateral movement to other systems on the network. The attacker could potentially gain access to sensitive user data, database credentials, and other critical information. Given the plugin's functionality, the attacker could also modify the website's content and appearance, disrupting business operations and damaging the organization's reputation.
CVE-2026-22390 was publicly disclosed on 2026-03-05. As of this date, no public proof-of-concept (PoC) code has been released. The EPSS score is pending evaluation, but the CRITICAL CVSS score suggests a high probability of exploitation if a PoC becomes available. Monitor CISA and other security advisories for updates and potential exploitation campaigns.
Organizations using the Builderall Builder for WordPress plugin, particularly those with older versions (0.0.0 - 3.0.1), are at significant risk. Shared hosting environments are especially vulnerable, as a compromised plugin on one site could potentially impact other sites on the same server.
• wordpress / composer / npm:
grep -r "builderall-cheetah-for-wp" /var/www/html/• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/builderall-cheetah-for-wp/ | grep -i 'builderall'disclosure
Statut de l'Exploit
EPSS
0.05% (percentile 16%)
CISA SSVC
Vecteur CVSS
While a patched version is the definitive solution, immediate mitigation steps are crucial. Implement a Web Application Firewall (WAF) with rules to block suspicious code injection attempts. Strictly validate all user inputs to prevent malicious code from being processed. Consider temporarily disabling the Builderall Builder for WordPress plugin if upgrading immediately is not possible. Monitor server logs for any unusual activity or code execution attempts. After applying any mitigation, verify its effectiveness by attempting to trigger the vulnerability with a safe test payload.
Aucun correctif connu n'est disponible. Veuillez examiner en détail les informations relatives à la vulnérabilité et mettre en œuvre des mesures d'atténuation en fonction de la tolérance au risque de votre organisation. Il peut être préférable de désinstaller le logiciel affecté et de trouver un remplacement.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-22390 is a critical Remote Code Execution vulnerability in the Builderall Builder for WordPress plugin, allowing attackers to execute arbitrary code on the server.
You are affected if you are using Builderall Builder for WordPress versions 0.0.0 through 3.0.1. Check your plugin version immediately.
Upgrade to the latest patched version of the Builderall Builder for WordPress plugin as soon as it becomes available. Monitor Builderall's website for updates.
As of the disclosure date, there is no confirmed active exploitation, but the CRITICAL severity suggests a high likelihood if a PoC is released.
Check the official Builderall website and security advisory pages for updates and information regarding CVE-2026-22390.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.