EIP-2026-106081

PRE-CVE

comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106081. PoCs published by Diaa Hanna.

AI-analyzed exploit summary This exploit demonstrates an unauthorized settings reset vulnerability in the Comments Like Dislike WordPress plugin (CVE-2023-3244) by leveraging a missing capability check in the restore_settings function. It authenticates as a low-privilege user and triggers the vulnerable AJAX action to reset plugin settings.

Description

comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset

Exploits (1)

exploitdb WORKING POC

by Diaa Hanna · pythonwebappsphp

https://www.exploit-db.com/exploits/51809

View Code ZIP pw:eip

This exploit demonstrates an unauthorized settings reset vulnerability in the Comments Like Dislike WordPress plugin (CVE-2023-3244) by leveraging a missing capability check in the restore_settings function. It authenticates as a low-privilege user and triggers the vulnerable AJAX action to reset plugin settings.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Comments Like Dislike WordPress plugin <= 1.2.0

Auth required

Prerequisites: Valid WordPress credentials (even subscriber-level) · Access to wp-login.php and admin-ajax.php

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026