CVE-2026-1056

CRITICAL

Snow Monkey Forms <12.0.3 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-1056. PoCs published by ch4r0nn, XZ1r0, Sechunt3r.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-1056, an unauthenticated arbitrary file deletion vulnerability in Snow Monkey Forms WordPress plugin (versions <= 12.0.3). The exploit leverages path traversal via the 'formid' parameter to delete arbitrary files on the server.

Description

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Exploits (3)

nomisec WORKING POC 6 stars
by ch4r0nn · poc
https://github.com/ch4r0nn/CVE-2026-1056-POC

This repository contains a functional exploit for CVE-2026-1056, an unauthenticated arbitrary file deletion vulnerability in Snow Monkey Forms WordPress plugin (versions <= 12.0.3). The exploit leverages path traversal via the 'formid' parameter to delete arbitrary files on the server.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Snow Monkey Forms WordPress plugin <= 12.0.3
No auth needed
Prerequisites: Python 3.x · requests library · target URL · file path to delete
devstral-2 · analyzed Feb 18, 2026

github WORKING POC
by XZ1r0 · python · poc
https://github.com/XZ1r0/cve-2026-poc-collection/tree/main/other/CVE-2026-1056-POC

This repository contains a functional Python exploit for CVE-2026-1056, an unauthenticated arbitrary file deletion vulnerability in Snow Monkey Forms <= 12.0.3. The exploit bypasses CSRF checks and leverages path traversal via the 'formid' parameter to delete arbitrary files on the server.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Snow Monkey Forms WordPress plugin <= 12.0.3
No auth needed
Prerequisites: Python 3.x · requests library · target URL · file path to delete
devstral-2 · analyzed May 21, 2026

github WORKING POC
by Sechunt3r · python · poc
https://github.com/Sechunt3r/CVE-POCs/tree/main/CVE-2026-1056

This repository contains a functional exploit for CVE-2026-1056, an unauthenticated arbitrary file deletion vulnerability in Snow Monkey Forms for WordPress. The exploit leverages path traversal in the REST API endpoint to delete critical files, potentially leading to RCE.

Classification: Working PoC 100%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Snow Monkey Forms <= 12.0.3
No auth needed
Prerequisites: Snow Monkey Forms plugin installed and activated · Token directory must exist (created by uploading a file first) · Target file/directory must be writable by the web server
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 9.8
EPSS 0.0035
EPSS Percentile 58.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE: CWE-22
Status: published
Products (1): inc2734/Snow Monkey Forms < 12.0.3
Published Jan 28, 2026
Tracked Since Feb 18, 2026