EIP-2026-113681
PRE-CVEWordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113681. PoCs published by TheXero.
AI-analyzed exploit summary This is a security advisory detailing a persistent XSS vulnerability in Dexs PM System WordPress Plugin Version 1.0.1. The vulnerability allows authenticated users to inject malicious scripts via the subject field when sending messages.
Description
WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
by TheXero · textwebappsphp
https://www.exploit-db.com/exploits/28970
This is a security advisory detailing a persistent XSS vulnerability in Dexs PM System WordPress Plugin Version 1.0.1. The vulnerability allows authenticated users to inject malicious scripts via the subject field when sending messages.
Classification
Writeup 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Dexs PM System WordPress Plugin Version 1.0.1
Auth required
Prerequisites:
Authenticated user account with at least subscriber status
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026