EIP-2026-113861
PRE-CVEWordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113861. PoCs published by Heine Pedersen.
AI-analyzed exploit summary The exploit demonstrates a reflected XSS vulnerability in the LeagueManager WordPress plugin by injecting malicious script tags via unsanitized URL parameters. The PoC includes two example URLs that trigger arbitrary JavaScript execution in the context of the affected site.
Description
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
Exploits (1)
The exploit demonstrates a reflected XSS vulnerability in the LeagueManager WordPress plugin by injecting malicious script tags via unsanitized URL parameters. The PoC includes two example URLs that trigger arbitrary JavaScript execution in the context of the affected site.