EIP-2026-113556

PRE-CVE

WordPress Plugin All In One WP Security & Firewall 3.8.3 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113556. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary: The exploit demonstrates a persistent XSS vulnerability in the All In One WordPress Security plugin v3.8.3, where malicious script code can be injected via the 404 detection redirect URL and file name error logs URL input fields. The PoC shows how an attacker can inject script code that persists and executes in the application context.

Description

WordPress Plugin All In One WP Security & Firewall 3.8.3 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC
by Vulnerability-Lab · text · webapps · php
https://www.exploit-db.com/exploits/34854

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: All In One WP Security and Firewall v3.8.3
Auth required
Prerequisites: Access to the WordPress admin panel · Ability to modify plugin settings
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026