CVE-2017-14126

MEDIUM

Participants Database < 1.7.5.10 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14126. PoCs published by Benjamin Lim.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the WordPress Participants Database plugin version 1.7.5.9. The vulnerability allows attackers to inject arbitrary JavaScript via the Name parameter, which is executed on both the signup confirmation page and the participant list page.

Description

The Participants Database plugin before 1.7.5.10 for WordPress has XSS.

Exploits (1)

exploitdb WORKING POC

by Benjamin Lim · textwebappsphp

https://www.exploit-db.com/exploits/42618

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in the WordPress Participants Database plugin version 1.7.5.9. The vulnerability allows attackers to inject arbitrary JavaScript via the Name parameter, which is executed on both the signup confirmation page and the participant list page.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress Participants Database plugin < 1.7.5.10

No auth needed

Prerequisites: Access to the participant signup form

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_confirm

https://wordpress.org/plugins/participants-database/#developers

Various Sources x_refsource_misc

https://limbenjamin.com/articles/cve-2017-14126-participants-database-xss.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42618/

Scores

CVSS v3 6.1

EPSS 0.0230

EPSS Percentile 81.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

xnau/participants_database 1.7.5.10

Published Sep 04, 2017

Tracked Since Feb 18, 2026