EIP-2026-112964

PRE-CVE

Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112964. PoCs published by Henry Hoggard.

AI-analyzed exploit summary This exploit demonstrates multiple CSRF vulnerabilities in Vanilla Forums and Van2Shout plugin. It provides specific URLs that can be used to perform actions like bookmarking, unbookmarking, deleting messages, and posting to a chat box without user interaction.

Description

Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Henry Hoggard · textwebappsphp

https://www.exploit-db.com/exploits/24957

View Code ZIP pw:eip

This exploit demonstrates multiple CSRF vulnerabilities in Vanilla Forums and Van2Shout plugin. It provides specific URLs that can be used to perform actions like bookmarking, unbookmarking, deleting messages, and posting to a chat box without user interaction.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Vanilla Forums <= 2.0.18.8 & Van2Shout 1.0.51

No auth needed

Prerequisites: Victim must visit a crafted URL or page containing the exploit

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026