Check your own WordPress site for the unauthenticated admin-takeover bug
Confirm a plugin update to 1.29.8 actually closed CVE-2026-3629
Sweep a list of client sites during an authorised audit
Demo a CVE writeup in a classroom or lab
Clone, pip install requests and colorama, then run against a URL; only meaningful on sites you are allowed to test.
This repository is a small Python command-line tool that checks whether a WordPress site is exposed to one specific known security flaw. The flaw is tracked as CVE-2026-3629 and lives in a WordPress plugin called "Import and export users and customers". The README rates the issue at CVSS 8.1, which it labels as high severity, and explains that the plugin's save_extra_user_profile_fields function does not block a user-meta key called wp_capabilities. According to the README, this oversight can let an unauthenticated attacker create an account with full Administrator privileges and take over the site. The README lists the affected plugin versions as 1.29.7 or earlier, fixed in 1.29.8. It also spells out two preconditions that must both hold for the flaw to be exploitable: the plugin's "Show fields in profile" setting must be enabled, and a CSV file containing a wp_capabilities column must have been imported. Credit for discovery is given to Supanat Konprom, with a disclosure date of March 21, 2026.

To install the checker, a user clones the repo with git and then installs two Python packages, "requests" and "colorama", with pip. The tool is then run as "python3 cve_2026_3629_checker.py" followed by a target URL. Optional arguments let the user override the test username, the test email address, and the network timeout, which defaults to 30 seconds. The README provides example output blocks showing what a vulnerable site versus a safe site looks like, including a coloured banner and a final verdict line.

The README ends with a short mitigation section: update the plugin to 1.29.8 or higher, disable the "Show fields in profile" option, and check existing admin accounts for unauthorised users. There is a clear legal disclaimer stating that the tool is for educational use and authorised testing only, plus links to the maintainer's GitHub and Telegram channel, donation wallet addresses, references to Wordfence and the NVD, and an MIT licence note.
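For the "confirm the update actually closed it" use case above, a purely version-based check is often enough for a first pass. The following is an added example, not code from the repository: it reads the plugin's public readme.txt, pulls the "Stable tag" version and compares it against the fixed version 1.29.8 given on the page. The plugin directory slug and the readme.txt path are assumptions (the page does not give them), and the readme fragments are constructed samples.

```python
import re
import urllib.request

# Version boundary taken from the page: 1.29.7 and earlier affected, 1.29.8 fixes it.
FIXED_VERSION = "1.29.8"

def parse_version(v):
    """Turn '1.29.8' into (1, 29, 8); stops at the first non-numeric component."""
    parts = []
    for piece in v.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def version_lt(a, b):
    """Dotted-version compare with zero padding, so 1.30 > 1.29.8 and 1.29.7.1 < 1.29.8."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))

def stable_tag(readme_text):
    """Extract the version from a WordPress plugin readme.txt 'Stable tag:' line."""
    m = re.search(r"^\s*Stable tag:\s*([^\r\n]+)", readme_text, re.IGNORECASE | re.MULTILINE)
    return m.group(1).strip() if m else None

def assess(readme_text):
    """Return (version, verdict); verdict is 'affected', 'fixed' or 'unknown'."""
    tag = stable_tag(readme_text)
    if tag is None or tag.lower() == "trunk" or not parse_version(tag):
        return tag, "unknown"          # no usable version string on the site
    return tag, "affected" if version_lt(tag, FIXED_VERSION) else "fixed"

def fetch_readme(base_url, slug, timeout=30):
    """Fetch the plugin's readme.txt; the slug is an assumption, not taken from the page."""
    url = base_url.rstrip("/") + "/wp-content/plugins/" + slug + "/readme.txt"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

# Constructed sample readme fragments, not real plugin files.
SAMPLE_OLD = "=== Import and export users and customers ===\nStable tag: 1.29.7\n"
SAMPLE_NEW = "=== Import and export users and customers ===\nStable tag: 1.29.8\n"

if __name__ == "__main__":
    for text in (SAMPLE_OLD, SAMPLE_NEW):
        print(assess(text))
```

A "fixed" verdict here only means the installed files declare a patched version; the two preconditions the README describes ("Show fields in profile" and a previously imported wp_capabilities column) still deserve a manual review, as does the list of Administrator accounts.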
Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.