EIP-2026-113715

PRE-CVE

WordPress Plugin EditorMonkey 2.5 - 'FCKeditor' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113715. PoCs published by kaMtiEz.

AI-analyzed exploit summary This exploit demonstrates a remote file upload vulnerability in WordPress EditorMonkey (FCKeditor) plugin version 2.5 or lower. The vulnerable endpoint allows unauthenticated file uploads, enabling an attacker to upload arbitrary files to the server.

Description

WordPress Plugin EditorMonkey 2.5 - 'FCKeditor' Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by kaMtiEz · textwebappsphp

https://www.exploit-db.com/exploits/17284

View Code ZIP pw:eip

This exploit demonstrates a remote file upload vulnerability in WordPress EditorMonkey (FCKeditor) plugin version 2.5 or lower. The vulnerable endpoint allows unauthenticated file uploads, enabling an attacker to upload arbitrary files to the server.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress EditorMonkey (FCKeditor) plugin v2.5 or lower

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026