EIP-2026-113809
PRE-CVE
WordPress Plugin History Collection 1.1.1 - Arbitrary File Download
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-113809. PoCs published by Kuroi'SH.
AI-analyzed exploit summary
The exploit demonstrates an arbitrary file download vulnerability in WordPress History Collection plugin <=1.1.1 due to improper filtering of the GET parameter 'var' in download.php. This allows attackers to download sensitive files like wp-config.php via directory traversal.
Description
WordPress Plugin History Collection 1.1.1 - Arbitrary File Download