EIP-2026-113855

PRE-CVE

WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113855. PoCs published by Aakash Choudhary.

AI-analyzed exploit summary This is a technical writeup detailing a stored XSS vulnerability in the WordPress plugin 'KN Fix Your Title' version 1.0.1. The vulnerability allows an attacker to inject malicious JavaScript via the 'Separator' input field, which is then stored in the database and executed when triggered.

Description

WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WRITEUP

by Aakash Choudhary · textwebappsphp

https://www.exploit-db.com/exploits/50143

View Code ZIP pw:eip

This is a technical writeup detailing a stored XSS vulnerability in the WordPress plugin 'KN Fix Your Title' version 1.0.1. The vulnerability allows an attacker to inject malicious JavaScript via the 'Separator' input field, which is then stored in the database and executed when triggered.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin KN Fix Your Title 1.0.1

Auth required

Prerequisites: WordPress 5.7.2 installed · KN Fix Your Title plugin version 1.0.1 installed and activated · Admin access to WordPress settings

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026