EIP-2026-104790
PRE-CVEWordPress Plugin N-Media Website Contact Form - Arbitrary File Upload (Metasploit)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-104790. PoCs published by Metasploit.
AI-analyzed exploit summary This Metasploit module exploits an arbitrary PHP file upload vulnerability in the WordPress N-Media Website Contact Form plugin (version 1.3.4), allowing remote code execution by uploading a malicious PHP payload via a multipart form request.
Description
WordPress Plugin N-Media Website Contact Form - Arbitrary File Upload (Metasploit)
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotephp
https://www.exploit-db.com/exploits/36810
This Metasploit module exploits an arbitrary PHP file upload vulnerability in the WordPress N-Media Website Contact Form plugin (version 1.3.4), allowing remote code execution by uploading a malicious PHP payload via a multipart form request.
Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
WordPress N-Media Website Contact Form plugin v1.3.4
No auth needed
Prerequisites:
Target running vulnerable WordPress plugin · Network access to the WordPress admin-ajax.php endpoint
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026