EIP-2026-113553

PRE-CVE

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113553. PoCs published by Alessandro Cingolani.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in Albo Pretorio Online 3.2, including unauthenticated SQL injection, authenticated blind SQL injection, CSRF, and stored XSS. It provides specific endpoints and attack vectors but does not include functional exploit code.

Description

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP
by Alessandro Cingolani · textwebappsphp
https://www.exploit-db.com/exploits/37464

This is a technical writeup detailing multiple vulnerabilities in Albo Pretorio Online 3.2, including unauthenticated SQL injection, authenticated blind SQL injection, CSRF, and stored XSS. It provides specific endpoints and attack vectors but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Xss | Csrf
Complexity
Trivial
Reliability
Reliable
Target: Albo Pretorio Online 3.2
No auth needed
Prerequisites: Access to the target WordPress site · For authenticated vulnerabilities, valid credentials
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026