PT-2026-42104 · WordPress · Advanced Database Cleaner – Premium
Published: 2026-05-20 · Updated: 2026-05-20
CVE-2026-7522
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Advanced Database Cleaner – Premium versions prior to 4.1.1
Description
The Advanced Database Cleaner – Premium plugin for WordPress contains a Local File Inclusion issue, which occurs when an application includes a file without properly validating the input, allowing an attacker to read or execute files on the server. Authenticated attackers with Subscriber-level access or higher can use the `template` parameter to include and execute arbitrary .php files. This can lead to the bypass of access controls, unauthorized access to sensitive data, or remote code execution if .php files can be uploaded to the server.
Recommendations
Update the plugin to a version later than 4.1.0.
As a temporary workaround, restrict access to the `template` parameter to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Advanced Database Cleaner – Premium
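
The general defence against the file inclusion described above is to map the request value onto a fixed allow-list and to check the caller's capability before including anything. The following is an added example, not the plugin's code or the vendor's patch: the function names, the template map, the `templates` directory and the `manage_options` requirement are assumptions, and the handler assumes it runs inside WordPress.

```php
<?php
// Added example with hypothetical names; not taken from the plugin.

// Fixed allow-list: accepted request value => file under the templates directory.
const EXAMPLE_TEMPLATES = [
    'overview' => 'overview.php',
    'settings' => 'settings.php',
];

/** Resolve a user-supplied template name to a file path, or null if rejected. */
function example_resolve_template(string $requested, string $base_dir): ?string
{
    // 1. Accept only exact allow-list keys, so no path syntax reaches include.
    if (!array_key_exists($requested, EXAMPLE_TEMPLATES)) {
        return null;
    }
    // 2. Defence in depth: canonicalise and confirm the file stays inside
    //    $base_dir (catches symlinks or a mistaken allow-list entry).
    $base = realpath($base_dir);
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . EXAMPLE_TEMPLATES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Hypothetical request handler that renders one of the allowed templates. */
function example_render_template(): void
{
    // Subscriber-level accounts must not reach the include at all
    // (assumption: the feature is meant for administrators only).
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden', '', ['response' => 403]);
    }
    $requested = isset($_REQUEST['template'])
        ? sanitize_key(wp_unslash($_REQUEST['template']))
        : '';
    $path = example_resolve_template($requested, __DIR__ . '/templates');
    if ($path === null) {
        wp_die('Unknown template', '', ['response' => 400]);
    }
    include $path;
}
```

A value such as `../../uploads/x` fails the first check because it is not an allow-list key, and the `realpath` containment check still holds if the allow-list is later extended carelessly.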