平台
wordpress
组件
builderall-cheetah-for-wp
修复版本
3.0.2
CVE-2026-22390 describes a Remote Code Execution (RCE) vulnerability within the Builderall Builder for WordPress plugin. This flaw allows attackers to inject arbitrary code, potentially gaining complete control over the affected WordPress site. The vulnerability impacts versions from 0.0.0 up to and including 3.0.1. A fix is expected from Builderall, and users are advised to monitor for updates.
The impact of this RCE vulnerability is severe. A successful exploit allows an attacker to execute arbitrary code on the web server hosting the WordPress site. This could lead to complete compromise of the site, including data theft, defacement, malware installation, and lateral movement to other systems on the network. The attacker could potentially gain access to sensitive user data, database credentials, and other critical information. Given the plugin's functionality, the attacker could also modify the website's content and appearance, disrupting business operations and damaging the organization's reputation.
CVE-2026-22390 was publicly disclosed on 2026-03-05. As of this date, no public proof-of-concept (PoC) code has been released. The EPSS score is pending evaluation, but the CRITICAL CVSS score suggests a high probability of exploitation if a PoC becomes available. Monitor CISA and other security advisories for updates and potential exploitation campaigns.
Organizations using the Builderall Builder for WordPress plugin, particularly those with older versions (0.0.0 - 3.0.1), are at significant risk. Shared hosting environments are especially vulnerable, as a compromised plugin on one site could potentially impact other sites on the same server.
• wordpress / composer / npm:
grep -r "builderall-cheetah-for-wp" /var/www/html/• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/builderall-cheetah-for-wp/ | grep -i 'builderall'disclosure
漏洞利用状态
EPSS
0.05% (16% 百分位)
CISA SSVC
CVSS 向量
While a patched version is the definitive solution, immediate mitigation steps are crucial. Implement a Web Application Firewall (WAF) with rules to block suspicious code injection attempts. Strictly validate all user inputs to prevent malicious code from being processed. Consider temporarily disabling the Builderall Builder for WordPress plugin if upgrading immediately is not possible. Monitor server logs for any unusual activity or code execution attempts. After applying any mitigation, verify its effectiveness by attempting to trigger the vulnerability with a safe test payload.
目前没有已知的补丁。请深入审查漏洞的详细信息,并根据您组织的风险承受能力采取缓解措施。最好卸载受影响的软件并寻找替代方案。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2026-22390 is a critical Remote Code Execution vulnerability in the Builderall Builder for WordPress plugin, allowing attackers to execute arbitrary code on the server.
You are affected if you are using Builderall Builder for WordPress versions 0.0.0 through 3.0.1. Check your plugin version immediately.
Upgrade to the latest patched version of the Builderall Builder for WordPress plugin as soon as it becomes available. Monitor Builderall's website for updates.
As of the disclosure date, there is no confirmed active exploitation, but the CRITICAL severity suggests a high likelihood if a PoC is released.
Check the official Builderall website and security advisory pages for updates and information regarding CVE-2026-22390.
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。