GWD Connect

4.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints (gwd-backup.php and gwd-logs.php) not verifying authentication when the API key has not been configured, which is the default state. This makes it possible for unauthenticated attackers - on unregistered installations only, in certain environments - to execute arbitrary code on the server via the update_agent action, which writes attacker-supplied PHP code to the agent file.

Basic Information

ID CVE-2026-6663

Source Wordfence

Published May 12, 2026 at 07:48

Affected Product

Vendor thewebsitesupply

Product GWD Conex

Affected Versions thewebsitesupply GWD Conex 0

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints (gwd-backup.php and gwd-logs.php) not verifying authentication when the API key has not been configured, which is the default state. This makes it possible for unauthenticated attackers - on unregistered installations only, in certain environments - to execute arbitrary code on the server via the update_agent action, which writes attacker-supplied PHP code to the agent file.",
    "published": "2026-05-12T07:48:20.471Z",
    "modified": "2026-05-12T07:48:20.471Z",
    "type": "cve",
    "title": "GWD Connect <= 2.9 - Unauthenticated Limited Code Execution via update_agent",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d2d435f-d6ce-41bd-8a45-e252fb4ba419?source=cve\nhttps://plugins.trac.wordpress.org/browser/graphic-web-design-inc/tags/2.9/gwd-backup.php?marks=1991,2002,2548#L1991\nhttps://plugins.trac.wordpress.org/browser/graphic-web-design-inc/tags/2.9/gwd-logs.php?marks=398,403,851#L398",
    "id": "CVE-2026-6663",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "thewebsitesupply GWD Conex 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GWD Conex",
    "version": "0",
    "vendor": "thewebsitesupply",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GWD Connect <= 2.9 - Unauthenticated Limited Code Execution via update_agent_CVE-2026-6663