EIP-2026-113665

PRE-CVE

WordPress Plugin CP Contact Form with Paypal 1.1.5 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113665. PoCs published by Nitin Venkatesh.

AI-analyzed exploit summary The exploit demonstrates CSRF, XSS, and SQL injection vulnerabilities in the CP Contact Form with Paypal WordPress Plugin v1.1.5. It includes functional PoC code for crafting malicious requests to manipulate forms, inject scripts, and execute SQL queries.

Description

WordPress Plugin CP Contact Form with Paypal 1.1.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC
by Nitin Venkatesh · textwebappsphp
https://www.exploit-db.com/exploits/37603

The exploit demonstrates CSRF, XSS, and SQL injection vulnerabilities in the CP Contact Form with Paypal WordPress Plugin v1.1.5. It includes functional PoC code for crafting malicious requests to manipulate forms, inject scripts, and execute SQL queries.

Classification
Working Poc 95%
Attack Type
Xss | Sqli | Csrf
Complexity
Trivial
Reliability
Reliable
Target: CP Contact Form with Paypal WordPress Plugin v1.1.5
No auth needed
Prerequisites: Access to a vulnerable WordPress installation with the plugin installed · Ability to trick an admin into clicking a malicious link or submitting a crafted form
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026