EIP-2026-113716

PRE-CVE

WordPress Plugin Effective Lead Management 3.0.0 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113716. PoCs published by Chris Kellum.

AI-analyzed exploit summary The exploit describes a persistent XSS vulnerability in WP Lead Management v3.0.0 due to improper input sanitization in form fields. The XSS payload executes when an admin views the lead management page or interacts with the 'requirements' field.

Description

WordPress Plugin Effective Lead Management 3.0.0 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by Chris Kellum · textwebappsphp

https://www.exploit-db.com/exploits/20270

View Code ZIP pw:eip

The exploit describes a persistent XSS vulnerability in WP Lead Management v3.0.0 due to improper input sanitization in form fields. The XSS payload executes when an admin views the lead management page or interacts with the 'requirements' field.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WP Lead Management v3.0.0

No auth needed

Prerequisites: Access to submit a form with malicious input

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026