EIP-2026-113699

PRE-CVE

WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113699. PoCs published by aceeeeeeeer ..

AI-analyzed exploit summary This exploit demonstrates a file disclosure vulnerability in WordPress DZS Video Gallery plugin (version 3.1.3 and earlier) via the 'swfloc' parameter in preview.php, allowing remote and local file access. The PoC shows how an attacker can retrieve arbitrary SWF files by manipulating the parameter.

Description

WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by aceeeeeeeer . · textwebappsphp

https://www.exploit-db.com/exploits/30063

View Code ZIP pw:eip

This exploit demonstrates a file disclosure vulnerability in WordPress DZS Video Gallery plugin (version 3.1.3 and earlier) via the 'swfloc' parameter in preview.php, allowing remote and local file access. The PoC shows how an attacker can retrieve arbitrary SWF files by manipulating the parameter.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress DZS Video Gallery plugin <= 3.1.3

No auth needed

Prerequisites: WordPress installation with vulnerable DZS Video Gallery plugin

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026