CVE-2026-1306

Severity: CRITICAL · Nuclei template available

Midi-Synth <1.1.0 - Unauthenticated RCE

Title source: llm

Description

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may lead to remote code execution provided the attacker can obtain a valid nonce. The nonce is exposed in frontend JavaScript, making it trivially accessible to unauthenticated attackers.

Exploits (2)

github · SUSPICIOUS · 10 stars · by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-1306
nomisec · SUSPICIOUS · 2 stars · by richardpaimu34 · poc
https://github.com/richardpaimu34/CVE-2026-1306

Nuclei Templates (1)

WordPress midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload
CRITICAL · VERIFIED · by pussycat0x

Scores

CVSS v3 9.8
EPSS 0.2773
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
adminkov/midi-Synth < 1.1.0
Published Feb 14, 2026
Tracked Since Feb 18, 2026