EIP-2026-113880

PRE-CVE

WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113880. PoCs published by Ben Schmidt.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in the Mailing List WordPress plugin (version 1.3.2). The vulnerable code in 'config.php' allows an attacker to include arbitrary remote files via the 'wpabspath' parameter, leading to potential remote code execution.

Description

WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion

Exploits (1)

exploitdb WORKING POC

by Ben Schmidt · textwebappsphp

https://www.exploit-db.com/exploits/17866

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in the Mailing List WordPress plugin (version 1.3.2). The vulnerable code in 'config.php' allows an attacker to include arbitrary remote files via the 'wpabspath' parameter, leading to potential remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mailing List WordPress plugin v1.3.2

No auth needed

Prerequisites: Target must have the vulnerable plugin installed and accessible · Remote file inclusion must be enabled on the server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026