EIP-2026-113536

PRE-CVE

WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113536. PoCs published by Kacper Szurek.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in Admin Management Xtended 2.4.0 due to missing privilege checks in wp_ajax functions, allowing authenticated users to perform unauthorized actions such as modifying post titles and media descriptions via XSS.

Description

WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation

Exploits (1)

exploitdb WORKING POC

by Kacper Szurek · textwebappsphp

https://www.exploit-db.com/exploits/38966

View Code ZIP pw:eip

This exploit demonstrates a privilege escalation vulnerability in Admin Management Xtended 2.4.0 due to missing privilege checks in wp_ajax functions, allowing authenticated users to perform unauthorized actions such as modifying post titles and media descriptions via XSS.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Admin Management Xtended 2.4.0

Auth required

Prerequisites: Authenticated user account on the WordPress site

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026