CVE-2025-4126

EIP tracks 1 public exploit for CVE-2025-4126. PoCs published by Slow-Mist.

AI-analyzed exploit summary This repository contains a Proof of Concept (PoC) demonstrating a reentrancy attack vulnerability in Ethereum smart contracts. It includes vulnerable and attacker contracts, along with a Hardhat test script to simulate the attack.

The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [series] shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcode_title function. This makes it possible for authenticated attackers - with contributor-level access and above, on sites with the Classic Editor plugin activated - to inject arbitrary JavaScript code in the titletag attribute that will execute whenever a user access an injected page.