EIP-2026-113772

PRE-CVE

WordPress Plugin Front End Upload 0.5.4.4 - Arbitrary '.PHP' File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113772. PoCs published by Chris Kellum.

AI-analyzed exploit summary This is a technical writeup detailing an arbitrary PHP file upload vulnerability in WordPress Front End Upload v0.5.4.4. The vulnerability arises due to improper filetype filtering, allowing malicious files to be uploaded and executed.

Description

WordPress Plugin Front End Upload 0.5.4.4 - Arbitrary '.PHP' File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by Chris Kellum · textwebappsphp

https://www.exploit-db.com/exploits/20083

View Code ZIP pw:eip

This is a technical writeup detailing an arbitrary PHP file upload vulnerability in WordPress Front End Upload v0.5.4.4. The vulnerability arises due to improper filetype filtering, allowing malicious files to be uploaded and executed.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress Front End Upload v0.5.4.4

No auth needed

Prerequisites: Access to the WordPress Front End Upload plugin

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026