EIP-2026-104787

PRE-CVE

WordPress Plugin Ajax Load More 2.8.1.1 - PHP Upload (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104787. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in WordPress Ajax Load More plugin (version 2.8.1.1). It allows authenticated users to upload malicious PHP files and achieve remote code execution by leveraging a nonce-based authentication bypass.

Description

WordPress Plugin Ajax Load More 2.8.1.1 - PHP Upload (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/38660

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in WordPress Ajax Load More plugin (version 2.8.1.1). It allows authenticated users to upload malicious PHP files and achieve remote code execution by leveraging a nonce-based authentication bypass.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Ajax Load More 2.8.1.1

Auth required

Prerequisites: Valid WordPress credentials · Ajax Load More plugin version 2.8.1.1

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026