📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global vulnerability Information Technology CRITICAL 2h Global vulnerability Software and Technology HIGH 2h Global vulnerability Software and Cloud Services CRITICAL 2h Global phishing Artificial Intelligence and Email Security HIGH 2h Global phishing Email and Communications CRITICAL 3h Global vulnerability Enterprise Software / E-commerce CRITICAL 4h Global supply_chain Software Development and Technology CRITICAL 4h Global vulnerability Information Technology HIGH 5h Global vulnerability Information Technology HIGH 5h Global vulnerability Information Technology CRITICAL 5h Global vulnerability Information Technology CRITICAL 2h Global vulnerability Software and Technology HIGH 2h Global vulnerability Software and Cloud Services CRITICAL 2h Global phishing Artificial Intelligence and Email Security HIGH 2h Global phishing Email and Communications CRITICAL 3h Global vulnerability Enterprise Software / E-commerce CRITICAL 4h Global supply_chain Software Development and Technology CRITICAL 4h Global vulnerability Information Technology HIGH 5h Global vulnerability Information Technology HIGH 5h Global vulnerability Information Technology CRITICAL 5h Global vulnerability Information Technology CRITICAL 2h Global vulnerability Software and Technology HIGH 2h Global vulnerability Software and Cloud Services CRITICAL 2h Global phishing Artificial Intelligence and Email Security HIGH 2h Global phishing Email and Communications CRITICAL 3h Global vulnerability Enterprise Software / E-commerce CRITICAL 4h Global supply_chain Software Development and Technology CRITICAL 4h Global vulnerability Information Technology HIGH 5h Global vulnerability Information Technology HIGH 5h Global vulnerability Information Technology CRITICAL 5h
Vulnerabilities

CVE-2026-7654

High
CWE-502 — Weakness Type
Published: Jun 5, 2026  ·  Modified: Jun 10, 2026  ·  Source: NVD
CVSS v3
8.8
🔗 NVD Official
📄 Description (English)

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper validation. This makes it possible for authenticated attackers with Contributor-level access and above to inject a serialized PHP object into a post's custom meta field and trigger arbitrary code execution by exploiting a bundled POP gadget chain, resulting in remote code execution as the web server user.

🤖 AI Executive Summary

CVE-2026-7654 is a critical PHP Object Injection vulnerability in the Admin Columns WordPress plugin (versions ≤7.0.18) that allows authenticated contributors to achieve Remote Code Execution through malicious serialized objects in post meta fields. With an 8.8 CVSS score and no patch currently available, this poses an immediate threat to WordPress installations in Saudi Arabia, particularly those managing sensitive government, banking, and healthcare content. The vulnerability requires only contributor-level access, making it exploitable by a broad range of authenticated users.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Jun 10, 2026 00:28
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations using WordPress with the Admin Columns plugin: (1) Government agencies and ministries managing citizen data and official communications through WordPress portals; (2) SAMA-regulated financial institutions using WordPress for customer-facing platforms or internal content management; (3) Healthcare providers (MOH, private hospitals) storing patient information and medical records; (4) Saudi Aramco and energy sector companies using WordPress for operational dashboards or public-facing sites; (5) Telecommunications providers (STC, Mobily, Zain) managing customer portals; (6) Educational institutions managing student and faculty data. The contributor-level requirement means internal threats and compromised accounts pose substantial risk.
🏢 Affected Saudi Sectors
Government & Public Administration Banking & Financial Services (SAMA-regulated) Healthcare (MOH, Private Hospitals) Energy & Oil/Gas (Saudi Aramco) Telecommunications (STC, Mobily, Zain) Education (Universities, Schools) E-commerce & Retail Media & Publishing
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Audit all WordPress installations in your organization for Admin Columns plugin presence and version (check wp-content/plugins/admin-columns/admin-columns.php for version number)

2. Identify all users with Contributor role or above and review their recent post meta modifications

3. Implement Web Application Firewall (WAF) rules to block serialized object patterns in POST requests containing 'meta' parameters

4. Enable WordPress security logging to monitor post meta modifications



PATCHING GUIDANCE:

1. Disable the Admin Columns plugin immediately if not critical to operations (rename plugin folder or use wp-cli: wp plugin deactivate admin-columns)

2. Monitor official Admin Columns GitHub repository and WordPress.org plugin page for security updates

3. When patch becomes available, test in staging environment before production deployment

4. Consider alternative column management plugins with better security practices



COMPENSATING CONTROLS (until patch available):

1. Restrict Contributor role assignments to trusted internal staff only; audit existing assignments

2. Implement role-based access control limiting post meta editing capabilities

3. Use WordPress security plugins (Wordfence, Sucuri) to monitor for suspicious serialized object patterns

4. Deploy database activity monitoring to detect unusual post meta value modifications

5. Implement file integrity monitoring on wp-content/plugins/admin-columns/ directory

6. Use WordPress hardening: disable file editing (DISALLOW_FILE_EDIT = true in wp-config.php)



DETECTION RULES:

1. Monitor POST requests containing 'O:' or 'C:' patterns in meta field values (serialized object indicators)

2. Alert on post meta modifications containing 'unserialize' or PHP object notation

3. Track execution of suspicious PHP functions from web server process (exec, system, passthru, shell_exec)

4. Monitor for unexpected child processes spawned by PHP-FPM or Apache processes

5. Log all database INSERT/UPDATE operations on wp_postmeta table with serialized data patterns
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. تدقيق جميع تثبيتات WordPress في مؤسستك للتحقق من وجود مكون Admin Columns والإصدار (تحقق من wp-content/plugins/admin-columns/admin-columns.php لرقم الإصدار)

2. تحديد جميع المستخدمين الذين لديهم دور المساهم أو أعلى ومراجعة تعديلاتهم الأخيرة على بيانات المنشورات

3. تنفيذ قواعد جدار حماية تطبيقات الويب لحظر أنماط الكائنات المسلسلة في طلبات POST التي تحتوي على معاملات 'meta'

4. تفعيل تسجيل أمان WordPress لمراقبة تعديلات بيانات المنشورات



إرشادات التصحيح:

1. تعطيل مكون Admin Columns فوراً إذا لم يكن حرجاً للعمليات (إعادة تسمية مجلد المكون أو استخدام wp-cli: wp plugin deactivate admin-columns)

2. مراقبة مستودع Admin Columns الرسمي على GitHub وصفحة المكون على WordPress.org للتحديثات الأمنية

3. عند توفر التصحيح، اختبره في بيئة التطوير قبل نشره في الإنتاج

4. النظر في مكونات بديلة لإدارة الأعمدة بممارسات أمنية أفضل



الضوابط التعويضية (حتى توفر التصحيح):

1. تقييد تعيينات دور المساهم للموظفين الداخليين الموثوقين فقط؛ تدقيق التعيينات الحالية

2. تنفيذ التحكم في الوصول القائم على الأدوار لتحديد قدرات تحرير بيانات المنشورات

3. استخدام مكونات أمان WordPress (Wordfence, Sucuri) لمراقبة الأنماط المريبة للكائنات المسلسلة

4. نشر مراقبة نشاط قاعدة البيانات للكشف عن تعديلات قيم بيانات المنشورات غير المعتادة

5. تنفيذ مراقبة سلامة الملفات على دليل wp-content/plugins/admin-columns/

6. استخدام تقسية WordPress: تعطيل تحرير الملفات (DISALLOW_FILE_EDIT = true في wp-config.php)



قواعد الكشف:

1. مراقبة طلبات POST التي تحتوي على أنماط 'O:' أو 'C:' في قيم حقول meta (مؤشرات الكائنات المسلسلة)

2. التنبيه على تعديلات بيانات المنشورات التي تحتوي على 'unserialize' أو تدوين كائنات PHP

3. تتبع تنفيذ وظائف PHP المريبة من عملية خادم الويب (exec, system, passthru, shell_exec)

4. مراقبة العمليات الفرعية غير المتوقعة التي يتم إطلاقها من عمليات PHP-FPM أو Apache

5. تسجيل جميع عمليات INSERT/UPDATE على جدول wp_postmeta مع أنماط البيانات المسلسلة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures A.6.1.1 - User access management and authentication A.6.2.1 - User access rights review A.8.2.1 - Classification of information A.12.2.1 - Restrictions on software installation A.12.4.1 - Event logging and monitoring A.12.6.1 - Management of technical vulnerabilities
🔵 SAMA CSF
Governance & Risk Management - Vulnerability Management Information & Cybersecurity - Access Control Information & Cybersecurity - Application Security Operational Resilience - Monitoring & Detection Operational Resilience - Incident Response
🟡 ISO 27001:2022
A.5.1 - Management direction for information security A.6.1 - Screening A.6.2 - User access rights A.8.1 - Asset responsibility A.12.2 - Restrictions on software installation A.12.4 - Event logging A.12.6 - Management of technical vulnerabilities A.14.2 - Secure development policy
🟣 PCI DSS v4.0.1
Requirement 1.1 - Firewall configuration standards Requirement 2.1 - Default security parameters Requirement 6.2 - Security patches and updates Requirement 6.5 - Injection flaws prevention Requirement 10.2 - User access logging Requirement 10.3 - Logging of access to audit trails
📊 CVSS Score
8.8
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredL — Low / Local
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityH — High
IntegrityH — High
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score8.8
CWECWE-502
Exploit No
Patch ✗ No
Published 2026-06-05
Source Feed nvd
🇸🇦 Saudi Risk Score
8.9
/ 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
CWE-502
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.