NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-7654

Summary	The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper validation. This makes it possible for authenticated attackers with Contributor-level access and above to inject a serialized PHP object into a post's custom meta field and trigger arbitrary code execution by exploiting a bundled POP gadget chain, resulting in remote code execution as the web server user.
Publication Date	June 6, 2026, 8:16 a.m.
Registration Date	June 7, 2026, 4:12 a.m.
Last Update	June 6, 2026, 8:16 a.m.

CVSS3.1 : HIGH
スコア	8.8
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

Related information, measures and tools

No	URL	refsource	タグ
1	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/classes/Formatter/IdsToCollection.php#L42	security@wordfence.com
2	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/classes/Formatter/Meta.php#L34	security@wordfence.com
3	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/vendor/laravel/serializable-closure/src/Serializers/Native.php#L148	security@wordfence.com
4	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/vendor/laravel/serializable-closure/src/Support/ClosureStream.php#L47	security@wordfence.com
5	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/classes/Formatter/IdsToCollection.php#L42	security@wordfence.com
6	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/classes/Formatter/Meta.php#L34	security@wordfence.com
7	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/vendor/laravel/serializable-closure/src/Serializers/Native.php#L148	security@wordfence.com
8	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/vendor/laravel/serializable-closure/src/Support/ClosureStream.php#L47	security@wordfence.com
9	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3553297%40codepress-admin-columns&new=3553297%40codepress-admin-columns&sfp_email=&sfph_mail=	security@wordfence.com
10	https://www.wordfence.com/threat-intel/vulnerabilities/id/051a3967-ef86-49bc-b72c-23e43568fef6?source=cve	security@wordfence.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-502	信頼性のないデータのデシリアライゼーション	https://cwe.mitre.org/data/definitions/502.html