EIP-2026-109638
PRE-CVEMultiple WordPress Orange Themes - Cross-Site Request Forgery (Arbitrary File Upload)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-109638. PoCs published by Jje Incovers.
AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in multiple Orange Themes for WordPress, allowing unauthorized file uploads via a crafted form submission. The uploaded file can be accessed in the WordPress uploads directory, potentially leading to remote code execution if a malicious file is uploaded.
Description
Multiple WordPress Orange Themes - Cross-Site Request Forgery (Arbitrary File Upload)
Exploits (1)
This exploit demonstrates a CSRF vulnerability in multiple Orange Themes for WordPress, allowing unauthorized file uploads via a crafted form submission. The uploaded file can be accessed in the WordPress uploads directory, potentially leading to remote code execution if a malicious file is uploaded.