CVE-2026-0572
📋 TL;DR
The WebPurify Profanity Filter WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify plugin settings. This affects all WordPress sites using plugin versions up to 4.0.2. Attackers can change filtering rules and potentially disable security features.
💻 Affected Systems
- WebPurify Profanity Filter WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers disable profanity filtering entirely, allowing inappropriate content to appear on websites, potentially causing brand damage, legal issues, or content policy violations.
Likely Case
Attackers modify filtering rules to allow specific inappropriate content through or disable filtering for certain user groups.
If Mitigated
With proper network segmentation and web application firewalls, exploitation attempts are blocked before reaching vulnerable systems.
🎯 Exploit Status
Simple HTTP POST request to vulnerable endpoint with no authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.0.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2343695/webpurifytextreplace/trunk/webpurifytextreplace-options.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find WebPurify Profanity Filter.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin, then install a fresh copy of version 4.0.3 or later.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until the patched version can be installed:
wp plugin deactivate webpurifytextreplace
Web Application Firewall Rule
Block requests to the vulnerable endpoint:
Block POST requests to /wp-admin/admin-ajax.php whose action parameter is webpurify_save_options. admin-ajax.php reads the action from either the query string or the POST body, so the rule must inspect both.
🧯 If You Can't Patch
- Deactivate the WebPurify plugin immediately
- Implement network-level blocking of the vulnerable endpoint using WAF or reverse proxy
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > WebPurify Profanity Filter for the installed version. If the version is 4.0.2 or lower, the site is vulnerable.
Check Version:
wp plugin get webpurifytextreplace --field=version
Verify Fix Applied:
Verify plugin version is 4.0.3 or higher in WordPress admin panel.
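The version check above can be scripted so it runs across many sites. The following is an added example, not part of this advisory or of the plugin's own tooling: it reads the version and activation status through WP-CLI (assuming `wp` is on PATH and that `wp plugin get --field=version` / `--field=status` are available; the `wp_path` default is a placeholder) and compares numerically rather than as strings, because a string comparison would wrongly rank a future 4.0.10 below 4.0.3.

```python
import re
import subprocess

# Values from the advisory: plugin slug and the first fixed release.
PLUGIN_SLUG = "webpurifytextreplace"
FIXED_VERSION = "4.0.3"


def parse_version(text):
    """Turn '4.0.2' (or 'v4.0.2-beta') into a comparable tuple of ints.

    Comparing as tuples avoids the string-comparison trap where
    '4.0.10' < '4.0.3' because '1' sorts before '3'.
    Dropping suffixes such as '-beta' is an assumption, not a plugin convention.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(installed_version):
    """True when the installed release is older than the first fixed one."""
    return parse_version(installed_version) < parse_version(FIXED_VERSION)


def wp_plugin_field(field, wp_path="/var/www/html"):
    """Read one field of the plugin via WP-CLI (assumes `wp` is on PATH).

    wp_path is a placeholder; point it at the site's WordPress root.
    """
    out = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, f"--field={field}", f"--path={wp_path}"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


def assess(version, status):
    """Combine version and activation status into a verdict string.

    A deactivated plugin does not register its admin-ajax handlers, so the
    vulnerable code is not reachable until it is reactivated.
    """
    if not is_vulnerable(version):
        return f"patched: {PLUGIN_SLUG} {version} is >= {FIXED_VERSION}"
    if status != "active":
        return (f"vulnerable version {version} installed but plugin is {status}; "
                f"update before reactivating")
    return f"VULNERABLE: {PLUGIN_SLUG} {version} is active; update to {FIXED_VERSION} or later"


if __name__ == "__main__":
    print(assess(wp_plugin_field("version"), wp_plugin_field("status")))
```

Run it from the WordPress root (or pass the real path to `wp_plugin_field`); the verdict line is suitable for piping into whatever inventory tool tracks patch state.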
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=webpurify_save_options from unauthenticated users
- Unusual changes to WebPurify plugin settings
Network Indicators:
- HTTP POST requests to WordPress admin-ajax endpoint with webpurify_save_options parameter
SIEM Query:
source="web_server" AND (url_path="/wp-admin/admin-ajax.php" AND http_method="POST" AND parameters CONTAINS "webpurify_save_options")
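The log indicators and SIEM query above can be reproduced offline against web server access logs. The block below is an added example written for this page, not code from the advisory: it parses lines in the Apache/nginx combined format (the sample lines are constructed, with documentation-range IPs) and flags POST requests to /wp-admin/admin-ajax.php carrying action=webpurify_save_options in the query string. Two caveats the SIEM query glosses over: a combined-format access log does not contain the POST body, so a request that sends the action only in the body will not match here (WAF or PHP-level logging is needed for that case), and the access log cannot tell an authenticated admin from an unauthenticated client, so the example only records a weak hint, whether the request arrived without a wp-admin referer, as a forgeable signal for triage.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Feb/2026:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=webpurify_save_options HTTP/1.1" 200 57 "-" "python-requests/2.31"
203.0.113.10 - - [12/Feb/2026:10:01:03 +0000] "POST /wp-admin/admin-ajax.php?action=webpurify_save_options HTTP/1.1" 200 57 "-" "python-requests/2.31"
198.51.100.7 - - [12/Feb/2026:10:02:15 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "https://example.test/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [12/Feb/2026:10:03:40 +0000] "POST /wp-admin/admin-ajax.php?action=webpurify_save_options HTTP/1.1" 200 57 "https://example.test/wp-admin/options-general.php" "Mozilla/5.0"
192.0.2.44 - - [12/Feb/2026:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Endpoint and action named in the advisory.
VULN_PATH = "/wp-admin/admin-ajax.php"
VULN_ACTION = "webpurify_save_options"


def parse_line(line):
    """Split one access-log line into fields; return None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec["target"].partition("?")
    rec["path"] = path
    rec["query"] = dict(parse_qsl(query, keep_blank_values=True))
    return rec


def is_suspicious(rec):
    """Match the advisory's indicator: POST to admin-ajax with the vulnerable action."""
    return (rec["method"] == "POST"
            and rec["path"] == VULN_PATH
            and rec["query"].get("action") == VULN_ACTION)


def find_hits(lines):
    """Return the matching records, each tagged with a weak 'no wp-admin referer' hint."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            # A browser saving settings from the admin UI normally sends a
            # wp-admin referer; its absence is only a triage hint (referers are forgeable).
            rec["no_admin_referer"] = "/wp-admin/" not in rec["referer"]
            hits.append(rec)
    return hits


def summarize(hits):
    """Count matching requests per source IP, the usual first pivot in triage."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG.splitlines())
    for h in found:
        print(h["ts"], h["ip"], "no-admin-referer" if h["no_admin_referer"] else "admin-referer")
    print(summarize(found))
```

Against the constructed sample, three requests match the indicator and two of them arrive without a wp-admin referer; a real investigation would then correlate those timestamps with the plugin's option change history in the database rather than stopping at the access log.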