EIP-2026-113878

PRE-CVE

WordPress Plugin MailChimp Subscribe Forms 1.1 - Remote Code Execution

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113878. PoCs published by woodspeed.

AI-analyzed exploit summary This exploit demonstrates a Remote Code Execution (RCE) vulnerability in the WordPress MailChimp Subscribe Forms plugin (version 1.1). The vulnerability allows an attacker to inject PHP code into the 'sm_email' parameter, which is executed when an admin views the subscribers list.

Description

WordPress Plugin MailChimp Subscribe Forms 1.1 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC
by woodspeed · textwebappsphp
https://www.exploit-db.com/exploits/37111

This exploit demonstrates a Remote Code Execution (RCE) vulnerability in the WordPress MailChimp Subscribe Forms plugin (version 1.1). The vulnerability allows an attacker to inject PHP code into the 'sm_email' parameter, which is executed when an admin views the subscribers list.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WordPress MailChimp Subscribe Forms plugin v1.1
No auth needed
Prerequisites: Access to the plugin's subscription form · Admin user must view the subscribers list
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026