EIP-2026-113778

PRE-CVE

WordPress Plugin Gallery - 'filename_1' Arbitrary File Access

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113778. PoCs published by Beni_Vanda.

AI-analyzed exploit summary The provided text describes an arbitrary file-read vulnerability in the Gallery plugin for WordPress, specifically affecting version 3.8.3. The vulnerability allows remote attackers to read arbitrary files by manipulating the 'filename_1' parameter in the plugin's PHP file.

Description

WordPress Plugin Gallery - 'filename_1' Arbitrary File Access

Exploits (1)

exploitdb WRITEUP VERIFIED
by Beni_Vanda · textwebappsphp
https://www.exploit-db.com/exploits/38209

The provided text describes an arbitrary file-read vulnerability in the Gallery plugin for WordPress, specifically affecting version 3.8.3. The vulnerability allows remote attackers to read arbitrary files by manipulating the 'filename_1' parameter in the plugin's PHP file.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Gallery plugin for WordPress 3.8.3
No auth needed
Prerequisites: Access to the vulnerable WordPress plugin endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026