EIP-2026-113672

PRE-CVE

WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113672. PoCs published by Vikas Srivastava.

AI-analyzed exploit summary: This is a writeup describing a stored XSS vulnerability in the WordPress plugin 'Current Book' version 1.0.1. The exploit involves injecting malicious JavaScript payloads into the 'Book Title and Author' fields, which are then stored in the database and executed when triggered.

Description

WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP
by Vikas Srivastava · text · webapps · php
https://www.exploit-db.com/exploits/50127

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Current Book 1.0.1
Auth required
Prerequisites: WordPress 5.7.2 installed · Current Book plugin version 1.0.1 installed and activated · Admin access to WordPress dashboard
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026