EIP-2026-112710

PRE-CVE

TinyMCE WYSIWYG Editor - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112710. PoCs published by mc2_s3lector.

AI-analyzed exploit summary This is a writeup describing XSS and SQL injection vulnerabilities in TinyMCE WYSIWYG editor, with examples of payloads and exploitation techniques. It includes dorks for finding vulnerable instances and sample attack vectors.

Description

TinyMCE WYSIWYG Editor - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP
by mc2_s3lector · textwebappsphp
https://www.exploit-db.com/exploits/11358

This is a writeup describing XSS and SQL injection vulnerabilities in TinyMCE WYSIWYG editor, with examples of payloads and exploitation techniques. It includes dorks for finding vulnerable instances and sample attack vectors.

Classification
Writeup 80%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target: TinyMCE WYSIWYG editor (version not specified)
No auth needed
Prerequisites: Vulnerable TinyMCE installation · Access to a vulnerable endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026