EIP-2026-113505

PRE-CVE

WordPress Core 5.2.3 - Cross-Site Host Modification

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113505. PoCs published by Todor Donev.

AI-analyzed exploit summary This Perl script demonstrates a Cross Site Host Modification vulnerability in WordPress <= 5.2.3 by sending a crafted HTTP request with a modified 'Host' header to redirect responses to an attacker-controlled domain. It leverages the lack of proper validation in WordPress's handling of the Host header.

Description

WordPress Core 5.2.3 - Cross-Site Host Modification

Exploits (1)

exploitdb WORKING POC

by Todor Donev · perlwebappsphp

https://www.exploit-db.com/exploits/47361

View Code ZIP pw:eip

This Perl script demonstrates a Cross Site Host Modification vulnerability in WordPress <= 5.2.3 by sending a crafted HTTP request with a modified 'Host' header to redirect responses to an attacker-controlled domain. It leverages the lack of proper validation in WordPress's handling of the Host header.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: WordPress <= 5.2.3

No auth needed

Prerequisites: Target WordPress site running version <= 5.2.3 · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026