WordPress Builderall Builder for WordPress plugin <= 3.0.1 - Remote Code Execution (RCE) vulnerability
अनुवाद हो रहा है…प्लेटफ़ॉर्म
wordpress
घटक
builderall-cheetah-for-wp
में ठीक किया गया
3.0.2
CVE-2026-22390 describes a Remote Code Execution (RCE) vulnerability within the Builderall Builder for WordPress plugin. This flaw allows attackers to inject arbitrary code, potentially gaining complete control over the affected WordPress site. The vulnerability impacts versions from 0.0.0 up to and including 3.0.1. A fix is expected from Builderall, and users are advised to monitor for updates.
इस CVE को अपने प्रोजेक्ट में पहचानें
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।
प्रभाव और हमले की स्थितियाँअनुवाद हो रहा है…
The impact of this RCE vulnerability is severe. A successful exploit allows an attacker to execute arbitrary code on the web server hosting the WordPress site. This could lead to complete compromise of the site, including data theft, defacement, malware installation, and lateral movement to other systems on the network. The attacker could potentially gain access to sensitive user data, database credentials, and other critical information. Given the plugin's functionality, the attacker could also modify the website's content and appearance, disrupting business operations and damaging the organization's reputation.
शोषण संदर्भअनुवाद हो रहा है…
CVE-2026-22390 was publicly disclosed on 2026-03-05. As of this date, no public proof-of-concept (PoC) code has been released. The EPSS score is pending evaluation, but the CRITICAL CVSS score suggests a high probability of exploitation if a PoC becomes available. Monitor CISA and other security advisories for updates and potential exploitation campaigns.
कौन जोखिम में हैअनुवाद हो रहा है…
Organizations using the Builderall Builder for WordPress plugin, particularly those with older versions (0.0.0 - 3.0.1), are at significant risk. Shared hosting environments are especially vulnerable, as a compromised plugin on one site could potentially impact other sites on the same server.
पहचान के चरणअनुवाद हो रहा है…
• wordpress / composer / npm:
grep -r "builderall-cheetah-for-wp" /var/www/html/• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/builderall-cheetah-for-wp/ | grep -i 'builderall'हमले की समयरेखा
- Disclosure
disclosure
खतरा खुफिया
एक्सप्लॉइट स्थिति
EPSS
0.05% (16% शतमक)
CISA SSVC
CVSS वेक्टर
इन मेट्रिक्स का क्या मतलब है?
- Attack Vector
- नेटवर्क — इंटरनेट के माध्यम से दूरस्थ रूप से शोषण योग्य। कोई भौतिक या स्थानीय पहुंच आवश्यक नहीं।
- Attack Complexity
- निम्न — कोई विशेष शर्त नहीं। विश्वसनीय रूप से शोषण योग्य।
- Privileges Required
- निम्न — कोई भी वैध उपयोगकर्ता खाता पर्याप्त है।
- User Interaction
- कोई नहीं — स्वचालित और मूक हमला। पीड़ित कुछ नहीं करता।
- Scope
- बदला हुआ — हमला कमज़ोर घटक से परे अन्य प्रणालियों तक फैल सकता है।
- Confidentiality
- उच्च — पूर्ण गोपनीयता हानि। हमलावर सभी डेटा पढ़ सकता है।
- Integrity
- उच्च — हमलावर कोई भी डेटा लिख, बदल या हटा सकता है।
- Availability
- उच्च — पूर्ण क्रैश या संसाधन समाप्ति। पूर्ण सेवा से इनकार।
प्रभावित सॉफ्टवेयर
पैकेज जानकारी
- सक्रिय इंस्टॉलेशन
- 1Kआला
- प्लगइन रेटिंग
- 5.0
- WordPress आवश्यक
- 4.6+
- संगत संस्करण तक
- 6.7.5
- PHP आवश्यक
- 5.6+
कमजोरी वर्गीकरण (CWE)
समयरेखा
- आरक्षित
- प्रकाशित
- संशोधित
- EPSS अद्यतन
शमन और वर्कअराउंडअनुवाद हो रहा है…
While a patched version is the definitive solution, immediate mitigation steps are crucial. Implement a Web Application Firewall (WAF) with rules to block suspicious code injection attempts. Strictly validate all user inputs to prevent malicious code from being processed. Consider temporarily disabling the Builderall Builder for WordPress plugin if upgrading immediately is not possible. Monitor server logs for any unusual activity or code execution attempts. After applying any mitigation, verify its effectiveness by attempting to trigger the vulnerability with a safe test payload.
कैसे ठीक करेंअनुवाद हो रहा है…
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE सुरक्षा न्यूज़लेटर
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
अक्सर पूछे जाने वाले सवालअनुवाद हो रहा है…
What is CVE-2026-22390 — RCE in Builderall Builder for WordPress?
CVE-2026-22390 is a critical Remote Code Execution vulnerability in the Builderall Builder for WordPress plugin, allowing attackers to execute arbitrary code on the server.
Am I affected by CVE-2026-22390 in Builderall Builder for WordPress?
You are affected if you are using Builderall Builder for WordPress versions 0.0.0 through 3.0.1. Check your plugin version immediately.
How do I fix CVE-2026-22390 in Builderall Builder for WordPress?
Upgrade to the latest patched version of the Builderall Builder for WordPress plugin as soon as it becomes available. Monitor Builderall's website for updates.
Is CVE-2026-22390 being actively exploited?
As of the disclosure date, there is no confirmed active exploitation, but the CRITICAL severity suggests a high likelihood if a PoC is released.
Where can I find the official Builderall advisory for CVE-2026-22390?
Check the official Builderall website and security advisory pages for updates and information regarding CVE-2026-22390.
क्या आपका प्रोजेक्ट प्रभावित है?
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।