EIP-2026-113720

PRE-CVE

WordPress Plugin Enable Media Replace - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113720. PoCs published by Ulf Harnhammar.

AI-analyzed exploit summary This is a detailed technical writeup describing SQL injection and arbitrary file upload vulnerabilities in the Enable Media Replace WordPress Plugin. It includes specific exploit details, such as the SQLi payload and the lack of file extension checks, along with impact analysis and mitigation steps.

Description

WordPress Plugin Enable Media Replace - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Ulf Harnhammar · textwebappsphp

https://www.exploit-db.com/exploits/16144

View Code ZIP pw:eip

This is a detailed technical writeup describing SQL injection and arbitrary file upload vulnerabilities in the Enable Media Replace WordPress Plugin. It includes specific exploit details, such as the SQLi payload and the lack of file extension checks, along with impact analysis and mitigation steps.

Classification

Writeup 100%

Attack Type

Sqli | Info Leak | Rce

Complexity

Trivial

Reliability

Reliable

Target: Enable Media Replace WordPress Plugin 2.3 and prior

Auth required

Prerequisites: Valid WordPress user with Author or higher permissions

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026