EIP-2026-113656

PRE-CVE

WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113656. PoCs published by Jagriti Sahu.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in the CopySafe PDF Protection WordPress plugin. The provided HTML form allows attackers to upload files to arbitrary directories via path traversal in the 'upload_path' parameter, potentially leading to remote code execution.

Description

WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jagriti Sahu · htmlwebappsphp

https://www.exploit-db.com/exploits/39254

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in the CopySafe PDF Protection WordPress plugin. The provided HTML form allows attackers to upload files to arbitrary directories via path traversal in the 'upload_path' parameter, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CopySafe PDF Protection WordPress plugin 0.6 and prior

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026