EIP-2026-105101

PRE-CVE

all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105101. PoCs published by Unk9vvN.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in the all-in-one-seo-pack WordPress plugin version 3.2.7. The payload is injected into the 'Additional Front Page Headers' and 'Additional Posts Page Headers' fields, which are then executed when the page is visited.

Description

all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Unk9vvN · textwebappsphp

https://www.exploit-db.com/exploits/47425

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in the all-in-one-seo-pack WordPress plugin version 3.2.7. The payload is injected into the 'Additional Front Page Headers' and 'Additional Posts Page Headers' fields, which are then executed when the page is visited.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: all-in-one-seo-pack 3.2.7

Auth required

Prerequisites: Access to WordPress admin panel · all-in-one-seo-pack plugin version 3.2.7 installed

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026