Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-18602. PoCs published by 8bitsec.
AI-analyzed exploit summary This is a writeup detailing stored XSS and blind SQL injection vulnerabilities in the IBPS Online Exam Plugin for WordPress v1.0. It includes proof-of-concept payloads for both vulnerabilities but does not contain executable exploit code.
Description
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
Exploits (1)
exploitdb
WRITEUP
by 8bitsec · textwebappsphp
https://www.exploit-db.com/exploits/42351
This is a writeup detailing stored XSS and blind SQL injection vulnerabilities in the IBPS Online Exam Plugin for WordPress v1.0. It includes proof-of-concept payloads for both vulnerabilities but does not contain executable exploit code.
Classification
Writeup 90%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Reliable
Target:
IBPS Online Exam Plugin for WordPress v1.0
Auth required
Prerequisites:
Authenticated access as a student · WordPress environment with the vulnerable plugin installed
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (1)
Core 1
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42351
Scores
CVSS v3
8.8
EPSS
0.0158
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
ibps_online_exam_project/ibps_online_exam
1.0
Published
Sep 10, 2019
Tracked Since
Feb 18, 2026