EIP-2026-113784

PRE-CVE

WordPress Plugin Generic - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113784. PoCs published by KedAns-Dz.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in the Generic Plugin for WordPress, allowing an attacker to upload and execute arbitrary PHP code. The exploit sends a multipart POST request to upload a malicious PHP file and then triggers its execution via a GET request.

Description

WordPress Plugin Generic - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by KedAns-Dz · rubywebappsphp

https://www.exploit-db.com/exploits/37501

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in the Generic Plugin for WordPress, allowing an attacker to upload and execute arbitrary PHP code. The exploit sends a multipart POST request to upload a malicious PHP file and then triggers its execution via a GET request.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Generic Plugin 0.1 (and other versions)

No auth needed

Prerequisites: Target WordPress installation with vulnerable plugin · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1204 - User Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026