EIP-2026-113798

PRE-CVE

WordPress Plugin Googmonify 0.8.1 - Cross-Site Scripting / Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113798. PoCs published by Ehsan Hosseini.

AI-analyzed exploit summary This exploit demonstrates CSRF and XSS vulnerabilities in the WordPress Googmonify plugin (v0.8.1) due to unsanitized input fields. The PoC includes forms that submit malicious payloads to trigger XSS via stored input values.

Description

WordPress Plugin Googmonify 0.8.1 - Cross-Site Scripting / Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ehsan Hosseini · textwebappsphp

https://www.exploit-db.com/exploits/37906

View Code ZIP pw:eip

This exploit demonstrates CSRF and XSS vulnerabilities in the WordPress Googmonify plugin (v0.8.1) due to unsanitized input fields. The PoC includes forms that submit malicious payloads to trigger XSS via stored input values.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress Googmonify Plugin v0.8.1

Auth required

Prerequisites: Access to a WordPress admin session · Victim interaction to submit the form

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026