Impact
The Read More & Accordion plugin for WordPress contains a flaw in the RadMoreAjax::importData function, which fails to restrict which database tables may be written during an import and accepts the imported data without adequate validation. An authenticated user who has been granted any of the plugin's role permissions can exploit this to create new rows in the wp_users and wp_usermeta tables, including entries that set the wp_capabilities meta field. An attacker can therefore add a new administrator account and obtain full control of the site. The weakness is a classic privilege-management failure (CWE-269) with direct integrity and confidentiality impact on the entire site.
Affected Systems
The issue affects the WordPress plugin "Read More & Accordion" from vendor edmonparker. All releases up to and including version 3.5.7 are vulnerable. No additional vendor products or versions are listed as affected.
Risk and Exploitability
The CVSS score of 8.8 indicates a high-severity vulnerability. The EPSS score is not available, but because exploitation requires legitimate access to the site through the plugin's role settings, the likelihood of attack is limited to sites where such permissions have been granted. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to be authenticated to the WordPress dashboard and have been given at least the plugin-defined role that allows importing data in order to carry out this privilege escalation.
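The two controls the Impact section says are missing, a table allowlist and input validation, together with the authorization boundary the Risk section describes, look like the following in a hardened import handler. This is an added example written for this page, not the plugin's own code; the class name, the AJAX action and nonce names, the table suffixes `radmore_items` and `radmore_settings`, and their column rules are all assumptions chosen for illustration. The `find_recent_admins` helper is a detection aid for the outcome the advisory describes (a newly created administrator account), not part of any fix.

```php
<?php
// Added example, not the plugin's code. Shows an import path that (1) requires a
// nonce, (2) requires an administrator-only capability instead of any plugin role,
// (3) writes only to an allowlist of plugin-owned tables, and (4) sanitizes each
// column before insertion. Table and column names below are assumptions.

class Hardened_Import_Example {

    // Only tables the plugin itself owns may be written by an import.
    // wp_users / wp_usermeta are never reachable because they are not listed here.
    private const ALLOWED_TABLE_SUFFIXES = [ 'radmore_items', 'radmore_settings' ];

    // Permitted columns per table, each paired with the sanitizer applied to it.
    private const COLUMN_RULES = [
        'radmore_items'    => [ 'title' => 'sanitize_text_field', 'content' => 'wp_kses_post' ],
        'radmore_settings' => [ 'option_key' => 'sanitize_key', 'option_value' => 'sanitize_text_field' ],
    ];

    public static function handle_ajax_import() : void {
        // 1. CSRF protection: the request must carry a nonce bound to this action.
        check_ajax_referer( 'radmore_import_example', 'nonce' );

        // 2. Authorization: a capability only administrators hold, rather than a
        //    plugin-granted role that may be handed to lower-privileged users.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_send_json_error( 'insufficient privileges', 403 );
        }

        $payload = json_decode( wp_unslash( $_POST['data'] ?? '' ), true );
        if ( ! is_array( $payload ) ) {
            wp_send_json_error( 'invalid payload', 400 );
        }

        wp_send_json_success( [ 'rows_written' => self::import_rows( $payload ) ] );
    }

    /**
     * Write validated rows and return how many were inserted.
     * Entries naming a table outside the allowlist are dropped.
     */
    public static function import_rows( array $payload ) : int {
        global $wpdb;
        $count = 0;

        foreach ( $payload as $entry ) {
            $suffix = $entry['table'] ?? '';
            if ( ! in_array( $suffix, self::ALLOWED_TABLE_SUFFIXES, true ) ) {
                error_log( 'import rejected: table outside allowlist: ' . $suffix );
                continue;
            }
            $row = [];
            foreach ( self::COLUMN_RULES[ $suffix ] as $column => $sanitizer ) {
                if ( isset( $entry['row'][ $column ] ) ) {
                    $row[ $column ] = call_user_func( $sanitizer, $entry['row'][ $column ] );
                }
            }
            if ( empty( $row ) ) {
                continue; // nothing survived validation
            }
            // $wpdb->insert binds values to the named columns only, so no unlisted
            // column (e.g. a capabilities field) can be smuggled into the write.
            if ( false !== $wpdb->insert( $wpdb->prefix . $suffix, $row ) ) {
                $count++;
            }
        }
        return $count;
    }

    /**
     * Detection aid: accounts holding the administrator role that were registered
     * within the last $days days, which is the artifact a successful abuse of the
     * unrestricted import would leave behind.
     */
    public static function find_recent_admins( int $days = 7 ) : array {
        global $wpdb;
        $sql = $wpdb->prepare(
            "SELECT u.ID, u.user_login, u.user_registered
               FROM {$wpdb->users} u
               JOIN {$wpdb->usermeta} m ON m.user_id = u.ID
              WHERE m.meta_key = %s
                AND m.meta_value LIKE %s
                AND u.user_registered >= DATE_SUB(NOW(), INTERVAL %d DAY)",
            $wpdb->prefix . 'capabilities',
            '%' . $wpdb->esc_like( 'administrator' ) . '%',
            $days
        );
        return $wpdb->get_results( $sql, ARRAY_A ) ?: [];
    }
}

add_action( 'wp_ajax_radmore_import_example', [ 'Hardened_Import_Example', 'handle_ajax_import' ] );
```

The allowlist is the decisive control: even if a lower-privileged role were deliberately allowed to import, the handler could not be steered toward the user tables because the target table is chosen from a fixed set rather than from the request. Running `find_recent_admins()` (for example from WP-CLI's `wp eval` or a small admin page) on a site that ran an affected version gives a quick list of administrator accounts to verify against the expected set.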
OpenCVE Enrichment