EIP-2026-113611

PRE-CVE

WordPress Plugin Bulk Delete 5.5.3 - Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113611. PoCs published by Panagiotis Vagenas.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in the WordPress Bulk Delete plugin (v5.5.3), allowing any registered user to perform administrative actions such as deleting pages, posts, and users due to missing capability checks.

Description

WordPress Plugin Bulk Delete 5.5.3 - Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by Panagiotis Vagenas · textwebappsphp

https://www.exploit-db.com/exploits/39521

View Code ZIP pw:eip

This exploit demonstrates a privilege escalation vulnerability in the WordPress Bulk Delete plugin (v5.5.3), allowing any registered user to perform administrative actions such as deleting pages, posts, and users due to missing capability checks.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: WordPress Bulk Delete Plugin v5.5.3

Auth required

Prerequisites: Valid user account on the target WordPress site

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026