EIP-2026-113888

PRE-CVE

WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113888. PoCs published by Richard Brain.

AI-analyzed exploit summary This exploit demonstrates directory traversal vulnerabilities in the Mediatricks Viva Thumbs WordPress plugin, allowing attackers to read arbitrary files outside the webroot. The PoC provides multiple URLs with traversal sequences to confirm file existence.

Description

WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Richard Brain · textwebappsphp

https://www.exploit-db.com/exploits/35133

View Code ZIP pw:eip

This exploit demonstrates directory traversal vulnerabilities in the Mediatricks Viva Thumbs WordPress plugin, allowing attackers to read arbitrary files outside the webroot. The PoC provides multiple URLs with traversal sequences to confirm file existence.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Mediatricks Viva Thumbs WordPress plugin

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoints

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026