EIP-2026-113683

PRE-CVE

WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113683. PoCs published by Ben Schmidt.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in the Disclosure Policy Plugin for WordPress. The vulnerability arises from unsanitized user input in the 'abspath' parameter, allowing an attacker to include arbitrary remote files. The PoC provides a URL structure to trigger the vulnerability.

Description

WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion

Exploits (1)

exploitdb WORKING POC

by Ben Schmidt · textwebappsphp

https://www.exploit-db.com/exploits/17865

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in the Disclosure Policy Plugin for WordPress. The vulnerability arises from unsanitized user input in the 'abspath' parameter, allowing an attacker to include arbitrary remote files. The PoC provides a URL structure to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Disclosure Policy Plugin for WordPress 1.0

No auth needed

Prerequisites: WordPress installation with the vulnerable plugin · Network access to the target server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026