EIP-2026-113896

PRE-CVE

WordPress Plugin Mini Mail Dashboard Widget 1.36 - Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113896. PoCs published by Ben Schmidt.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in the Mini Mail Dashboard Widget WordPress plugin. The vulnerability allows an attacker to include arbitrary files via the 'abspath' parameter, leading to potential remote code execution.

Description

WordPress Plugin Mini Mail Dashboard Widget 1.36 - Remote File Inclusion

Exploits (1)

exploitdb WORKING POC

by Ben Schmidt · textwebappsphp

https://www.exploit-db.com/exploits/17868

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in the Mini Mail Dashboard Widget WordPress plugin. The vulnerability allows an attacker to include arbitrary files via the 'abspath' parameter, leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mini Mail Dashboard Widget WordPress plugin 1.36

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint · Ability to send POST requests with file uploads

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026