EIP-2026-113787

PRE-CVE

WordPress Plugin GigPress 2.1.10 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113787. PoCs published by Saif El-Sherei.

AI-analyzed exploit summary The exploit describes a stored XSS vulnerability in the GigPress WordPress plugin version 2.1.10, where the 'Notes' field in the 'Add A Show' section fails to sanitize user input, allowing malicious HTML/JS injection. The PoC demonstrates a simple alert-based XSS payload.

Description

WordPress Plugin GigPress 2.1.10 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Saif El-Sherei · textwebappsphp

https://www.exploit-db.com/exploits/16232

View Code ZIP pw:eip

The exploit describes a stored XSS vulnerability in the GigPress WordPress plugin version 2.1.10, where the 'Notes' field in the 'Add A Show' section fails to sanitize user input, allowing malicious HTML/JS injection. The PoC demonstrates a simple alert-based XSS payload.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: GigPress WordPress plugin 2.1.10

Auth required

Prerequisites: Contributor-level access or higher in WordPress · GigPress plugin version 2.1.10 installed

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026