{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22390", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T12:21:40.879Z", "datePublished": "2026-03-05T05:53:33.444Z", "dateUpdated": "2026-04-28T16:54:21.317Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "builderall-cheetah-for-wp", "product": "Builderall Builder for WordPress", "vendor": "Builderall", "versions": [{"lessThanOrEqual": "3.0.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:17.432Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.<p>This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.</p>"}], "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:42.764Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/builderall-cheetah-for-wp/vulnerability/wordpress-builderall-builder-for-wordpress-plugin-3-0-1-remote-code-execution-rce-vulnerability?_s_id=cve"}], "title": "WordPress Builderall Builder for WordPress plugin <= 3.0.1 - Remote Code Execution (RCE) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T13:25:42.637073Z", "id": "CVE-2026-22390", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T16:54:21.317Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-22390", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T13:25:42.637073Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T13:24:40.473Z"}}], "cna": {"title": "WordPress Builderall Builder for WordPress plugin <= 3.0.1 - Remote Code Execution (RCE) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "Code Injection"}]}], "affected": [{"vendor": "Builderall", "product": "Builderall Builder for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.0.1"}], "packageName": "builderall-cheetah-for-wp", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:04:17.432Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/builderall-cheetah-for-wp/vulnerability/wordpress-builderall-builder-for-wordpress-plugin-3-0-1-remote-code-execution-rce-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.<p>This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:13:41.911Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22390", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:13:41.911Z", "dateReserved": "2026-01-07T12:21:40.879Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-05T05:53:33.444Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1."}, {"lang": "es", "value": "Vulnerabilidad de Control inadecuado de la generaci\u00f3n de c\u00f3digo ('Inyecci\u00f3n de c\u00f3digo') en Builderall Builderall Builder para WordPress builderall-cheetah-for-wp permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Builderall Builder para WordPress: desde n/a hasta &lt;= 3.0.1."}], "id": "CVE-2026-22390", "lastModified": "2026-04-22T21:26:58.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-05T06:16:13.520", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/builderall-cheetah-for-wp/vulnerability/wordpress-builderall-builder-for-wordpress-plugin-3-0-1-remote-code-execution-rce-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.0.1]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Builderall Builder for WordPress", "source": "cna", "vendor": "Builderall"}, "product": "builder_for_wordpress", "vendor": "builderall"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-16T05:39:15.920770+00:00", "value": {"mitigation_remediation": ["Upgrade to Builderall Builder for WordPress version 3.0.2 or later when patched releases become available", "If a patch is not yet available, disable the Builderall Builder for WordPress plugin completely until an upgrade can be applied", "Limit user roles that can edit or insert content via the builder to only those who absolutely need it, enforcing the principle of least privilege", "Monitor web server and application logs for suspicious code injection attempts and anomalous HTTP requests targeting the plugin endpoints"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is Builderall Builder for WordPress, version 3.0.1 and earlier. Users running any version from the initial release through 3.0.1 are at risk.", "description_and_impact": "This vulnerability is an improper control of code generation flaw that allows an attacker to inject malicious code into the Builderall Builder for WordPress plugin. Such code injection grants the attacker the ability to execute arbitrary code on the affected WordPress installation, potentially compromising confidentiality, integrity, and availability of the site, as well as allowing broader network compromise if the application runs with elevated privileges.", "risk_and_exploitability": "The CVSS score of 9.9 classifies this as critical severity. The EPSS score is below 1%, indicating a low but non-zero probability of exploitation in the wild, and it is not included in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is remote, although the input pathways are not explicitly detailed; it is inferred that an attacker may exploit the vulnerability through manipulated content in the builder interface or via crafted HTTP requests that trigger the flawed code generation logic. Only users who can submit data to the vulnerable components are susceptible, so restricting access can mitigate the risk."}}}}, "created": "2026-03-06T15:14:47.048088+00:00", "updated": "2026-04-16T05:45:26.017241+00:00", "vendors": ["builderall", "builderall$PRODUCT$builder_for_wordpress", "wordpress", "wordpress$PRODUCT$wordpress"]}