EIP-2026-113863

PRE-CVE

WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113863. PoCs published by NinTechNet.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated arbitrary file upload vulnerability in WordPress LearnDash 2.5.3, allowing attackers to upload malicious PHP files by bypassing file extension checks via double extensions (e.g., shell.php.php). The uploaded file is executed due to Apache's handling of trailing dots in PHP CGI/FastCGI environments.

Description

WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC
by NinTechNet · text · webapps · php
https://www.exploit-db.com/exploits/43461

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress LearnDash 2.5.3
No auth needed
Prerequisites: WordPress with LearnDash plugin enabled · Apache with PHP CGI/FastCGI SAPI
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026