EIP-2026-113836

PRE-CVE

WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113836. PoCs published by Sipke Mellema.

AI-analyzed exploit summary This is a functional proof-of-concept for a persistent Cross-Site Scripting (XSS) vulnerability in the Instagram Feed WordPress plugin via CSRF. The exploit demonstrates how an attacker can inject malicious JavaScript into the plugin's settings, which executes when any user visits the Instagram Feed.

Description

WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by Sipke Mellema · htmlwebappsphp

https://www.exploit-db.com/exploits/40795

View Code ZIP pw:eip

This is a functional proof-of-concept for a persistent Cross-Site Scripting (XSS) vulnerability in the Instagram Feed WordPress plugin via CSRF. The exploit demonstrates how an attacker can inject malicious JavaScript into the plugin's settings, which executes when any user visits the Instagram Feed.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Instagram Feed WordPress Plugin version 1.4.6.2

Auth required

Prerequisites: An authenticated WordPress Administrator must visit a malicious URL

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026