EIP-2026-113767

PRE-CVE

WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113767. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in the WordPress Foxypress plugin (versions 0.4.2.1 and below) via the uploadify.php script, allowing remote code execution by uploading a malicious PHP file.

Description

WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/19100

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in the WordPress Foxypress plugin (versions 0.4.2.1 and below) via the uploadify.php script, allowing remote code execution by uploading a malicious PHP file.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress Foxypress plugin <= 0.4.2.1

No auth needed

Prerequisites: Target must have the vulnerable Foxypress plugin installed · Uploadify script must be accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026