EIP-2026-113821

PRE-CVE

WordPress Plugin iLive 1.0.4 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113821. PoCs published by m0ze.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the iLive WordPress plugin v1.0.4. The PoC provides multiple payload examples that can be injected via the chat input field, leading to arbitrary JavaScript execution in the admin panel.

Description

WordPress Plugin iLive 1.0.4 - Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by m0ze · textwebappsphp

https://www.exploit-db.com/exploits/47036

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in the iLive WordPress plugin v1.0.4. The PoC provides multiple payload examples that can be injected via the chat input field, leading to arbitrary JavaScript execution in the admin panel.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: iLive - Intelligent WordPress Live Chat Support Plugin v1.0.4

No auth needed

Prerequisites: Access to the chat input field on a vulnerable WordPress site

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026