EIP-2026-113724

PRE-CVE

WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113724. PoCs published by anonymous.

AI-analyzed exploit summary The provided code demonstrates multiple CSRF vulnerabilities in the Event Easy Calendar WordPress plugin (v1.0.0). It includes functional HTML forms that exploit these vulnerabilities to perform unauthorized actions such as adding/updating customers, creating bookings, and modifying settings.

Description

WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · htmlwebappsphp

https://www.exploit-db.com/exploits/38753

View Code ZIP pw:eip

The provided code demonstrates multiple CSRF vulnerabilities in the Event Easy Calendar WordPress plugin (v1.0.0). It includes functional HTML forms that exploit these vulnerabilities to perform unauthorized actions such as adding/updating customers, creating bookings, and modifying settings.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Event Easy Calendar WordPress plugin v1.0.0

No auth needed

Prerequisites: Victim must visit a malicious page hosting the CSRF forms · WordPress site with vulnerable plugin installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026