EIP-2026-113756

PRE-CVE

WordPress Plugin FlagEm - 'cID' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113756. PoCs published by IeDb ir.

AI-analyzed exploit summary The FlagEm plugin for WordPress is vulnerable to a cross-site scripting (XSS) attack due to insufficient input sanitization in the 'cID' parameter of flagit.php. An attacker can inject arbitrary JavaScript code, which executes in the context of the victim's browser session.

Description

WordPress Plugin FlagEm - 'cID' Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by IeDb ir · textwebappsphp

https://www.exploit-db.com/exploits/38674

View Code ZIP pw:eip

The FlagEm plugin for WordPress is vulnerable to a cross-site scripting (XSS) attack due to insufficient input sanitization in the 'cID' parameter of flagit.php. An attacker can inject arbitrary JavaScript code, which executes in the context of the victim's browser session.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: FlagEm plugin for WordPress

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026