EIP-2026-113541

PRE-CVE

WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113541. PoCs published by 8bitsec.

AI-analyzed exploit summary The document describes a Stored XSS and Blind SQL Injection vulnerability in Ads Pro Plugin for WordPress. It provides payload examples for both vulnerabilities but does not include functional exploit code.

Description

WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection

Exploits (1)

exploitdb WRITEUP

by 8bitsec · textwebappsphp

https://www.exploit-db.com/exploits/42380

View Code ZIP pw:eip

The document describes a Stored XSS and Blind SQL Injection vulnerability in Ads Pro Plugin for WordPress. It provides payload examples for both vulnerabilities but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Moderate

Reliability

Reliable

Target: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= v3.4

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026