EIP-2026-113904

PRE-CVE

WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113904. PoCs published by Crim3R.

AI-analyzed exploit summary The writeup describes an arbitrary file upload vulnerability in the Monsters Editor plugin for WordPress, specifically in the WP Super Edit plugin. The vulnerability allows attackers to upload and execute arbitrary code due to insufficient input sanitization.

Description

WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by Crim3R · textwebappsphp

https://www.exploit-db.com/exploits/37654

View Code ZIP pw:eip

The writeup describes an arbitrary file upload vulnerability in the Monsters Editor plugin for WordPress, specifically in the WP Super Edit plugin. The vulnerability allows attackers to upload and execute arbitrary code due to insufficient input sanitization.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WP Super Edit plugin for WordPress (Monsters Editor component)

No auth needed

Prerequisites: Access to the vulnerable plugin's file upload endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026