CVE-2026-1555

CRITICAL

WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-1555. PoCs published by Nxploited, willygailo.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-1555, targeting a WordPress vulnerability in the 'img_upload' AJAX action. The script automates the upload of a local file (e.g., shell.php) to multiple targets via a multipart/form-data POST request, leveraging the vulnerable endpoint to achieve remote code execution (RCE).

Description

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.

Exploits (2)

nomisec WORKING POC 1 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2026-1555

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress (specific version not explicitly stated in code)
Authentication: none needed
Prerequisites: List of target URLs in a file (default: list.txt) · Local payload file (e.g., shell.php)
Analyzed by devstral-2 on Apr 18, 2026
github WORKING POC
by willygailo · python, poc
https://github.com/willygailo/WG-CVE-2026-1555-Linux

This repository contains a functional exploit for CVE-2026-1555, targeting the WebStack WordPress theme. It includes a Python-based exploit script (obfuscated with PyArmor) and a PHP web shell (ms.php) for post-exploitation, indicating a remote code execution (RCE) vulnerability.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WebStack WordPress theme
Authentication: none needed
Prerequisites: Target running WebStack WordPress theme · Network access to the vulnerable endpoint
Analyzed by devstral-2 on Jun 08, 2026

Scores

CVSS v3.1: 9.8
EPSS: 0.0006
EPSS Percentile: 20.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): Owen/WebStack < 1.2024
Published: Apr 15, 2026
Tracked Since: Apr 15, 2026