EIP-2026-113666

PRE-CVE

WordPress Plugin CP Image Store with Slideshow 1.0.5 - Arbitrary File Download

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113666. PoCs published by i0akiN SEC-LABORATORY.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file download vulnerability in WordPress CP Image Store with Slideshow 1.0.5. The vulnerability allows remote attackers to download arbitrary files from the server by manipulating the 'f' parameter in a crafted HTTP request.

Description

WordPress Plugin CP Image Store with Slideshow 1.0.5 - Arbitrary File Download

Exploits (1)

exploitdb WORKING POC VERIFIED

by i0akiN SEC-LABORATORY · textwebappsphp

https://www.exploit-db.com/exploits/37559

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file download vulnerability in WordPress CP Image Store with Slideshow 1.0.5. The vulnerability allows remote attackers to download arbitrary files from the server by manipulating the 'f' parameter in a crafted HTTP request.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress CP Image Store with Slideshow 1.0.5

No auth needed

Prerequisites: Access to the target WordPress site with the vulnerable plugin installed

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026