EIP-2026-113863
PRE-CVE
WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-113863. PoCs published by NinTechNet.
AI-analyzed exploit summary
This exploit demonstrates an unauthenticated arbitrary file upload vulnerability in WordPress LearnDash 2.5.3, allowing attackers to upload malicious PHP files by bypassing file extension checks via double extensions (e.g., shell.php.php). The uploaded file is executed due to Apache's handling of trailing dots in PHP CGI/FastCGI environments.
Description
WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload