EIP-2026-113863

This exploit demonstrates an unauthenticated arbitrary file upload vulnerability in WordPress LearnDash 2.5.3, allowing attackers to upload malicious PHP files by bypassing file extension checks via double extensions (e.g., shell.php.php). The uploaded file is executed due to Apache's handling of trailing dots in PHP CGI/FastCGI environments.