CVE-2026-7467

WordPress · Read More & Accordion plugin

The Read More & Accordion plugin for WordPress contains a privilege escalation vulnerability in all versions up to and including 3.

Executive summary

The Read More & Accordion plugin for WordPress is susceptible to a privilege escalation vulnerability that could allow unauthorized users to gain elevated administrative rights.

Vulnerability

The plugin fails to properly validate user capabilities, allowing an attacker to perform privilege escalation. While the authentication requirement is not explicitly detailed, privilege escalation vulnerabilities in WordPress plugins typically require low-level authenticated access to trigger.

Business impact

Successful exploitation of this vulnerability presents a critical risk, as it allows unauthorized users to escalate their privileges to an administrative level. This could lead to full site compromise, unauthorized data access, and potential malware injection, justifying the high CVSS score of 8.8.

Remediation

Immediate Action: Identify and update the Read More & Accordion plugin to the latest available version provided by the vendor.

Proactive Monitoring: Audit WordPress user accounts for suspicious activity or unauthorized changes to user roles.

Compensating Controls: Implement a Web Application Firewall (WAF) to block suspicious requests targeting plugin-specific administrative functions.
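One way to carry out the role audit described under Proactive Monitoring, as an added example (not vendor or plugin code): it compares two snapshots of `wp user list --fields=ID,user_login,roles --format=csv` and reports every account whose roles changed, rating a newly gained administrator role as HIGH. The snapshots, account names and severity labels are constructed for illustration.

```python
"""Added example: diff two WP-CLI user snapshots and report role changes.

Each snapshot is the CSV printed by:
    wp user list --fields=ID,user_login,roles --format=csv
"""
import csv
import io

# Constructed snapshots (account names and IDs are made up for illustration).
BASELINE = '''ID,user_login,roles
1,siteowner,administrator
7,editor_amy,editor
19,jsmith,subscriber
'''
CURRENT = '''ID,user_login,roles
1,siteowner,administrator
7,editor_amy,author
19,jsmith,"subscriber,administrator"
23,newsletter_bot,subscriber
'''


def load_roles(csv_text):
    """Map user ID -> (login, frozenset of roles)."""
    users = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Assumes multiple roles are comma-joined inside one quoted CSV field.
        roles = frozenset(r.strip() for r in row["roles"].split(",") if r.strip())
        users[row["ID"]] = (row["user_login"], roles)
    return users


def role_changes(baseline_csv, current_csv):
    """Return (id, login, old_roles, new_roles, severity) per changed account."""
    before, after = load_roles(baseline_csv), load_roles(current_csv)
    findings = []
    for uid, (login, new_roles) in after.items():
        old_roles = before[uid][1] if uid in before else frozenset()
        if new_roles == old_roles:
            continue
        # Gaining administrator is the outcome this advisory warns about.
        severity = "HIGH" if "administrator" in new_roles - old_roles else "INFO"
        findings.append((uid, login, sorted(old_roles), sorted(new_roles), severity))
    return findings


if __name__ == "__main__":
    for uid, login, old, new, sev in role_changes(BASELINE, CURRENT):
        print(f"{sev} id={uid} login={login} roles {old} -> {new}")
```

The comparison is keyed on user ID and role sets rather than registration date, so an existing low-privilege account that gains the administrator role is reported along with newly created accounts.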

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the severity of privilege escalation, administrators must prioritize updating the plugin immediately. If a patch is not currently available, consider disabling or removing the plugin until a secure version is released to prevent potential site takeovers.