EIP-2026-113565

PRE-CVE

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113565. PoCs published by Ali S. Ahmad.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability in the WordPress Anti-Malware Security and Bruteforce Firewall plugin (version 4.18.63). It allows authenticated users to read arbitrary files by manipulating the GOTMLS_scan parameter with a base64-encoded file path.

Description

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)

Exploits (1)

exploitdb WORKING POC

by Ali S. Ahmad · textwebappsphp

https://www.exploit-db.com/exploits/46618

View Code ZIP pw:eip

This exploit demonstrates a local file inclusion vulnerability in the WordPress Anti-Malware Security and Bruteforce Firewall plugin (version 4.18.63). It allows authenticated users to read arbitrary files by manipulating the GOTMLS_scan parameter with a base64-encoded file path.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress Anti-Malware Security and Bruteforce Firewall (Version 4.18.63)

Auth required

Prerequisites: Authenticated access to WordPress admin panel

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026