EIP-2026-113893

PRE-CVE

WordPress Plugin mingle forum 1.0.26 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113893. PoCs published by Charles Hooper.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in the Mingle Forum WordPress plugin, including SQL injection flaws in the RSS feed generator and edit post functionality, as well as an authentication bypass via direct request. It provides technical descriptions and proof-of-concept URLs demonstrating the exploits.

Description

WordPress Plugin mingle forum 1.0.26 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Charles Hooper · textwebappsphp

https://www.exploit-db.com/exploits/15943

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in the Mingle Forum WordPress plugin, including SQL injection flaws in the RSS feed generator and edit post functionality, as well as an authentication bypass via direct request. It provides technical descriptions and proof-of-concept URLs demonstrating the exploits.

Classification

Writeup 100%

Attack Type

Sqli | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Mingle Forum WordPress Plugin (1.0.24, 1.0.26)

No auth needed

Prerequisites: Access to the target WordPress site with Mingle Forum plugin installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026