EIP-2026-113947
PRE-CVEWordPress Plugin Paid Downloads 2.01 - SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113947. PoCs published by Miroslav Stampar.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the WordPress Paid Downloads plugin (version <= 2.01). The vulnerability arises from unsanitized user input in the 'download_key' parameter, allowing an attacker to inject malicious SQL queries. The PoC uses a time-based blind SQL injection technique to verify the vulnerability.
Description
WordPress Plugin Paid Downloads 2.01 - SQL Injection
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in the WordPress Paid Downloads plugin (version <= 2.01). The vulnerability arises from unsanitized user input in the 'download_key' parameter, allowing an attacker to inject malicious SQL queries. The PoC uses a time-based blind SQL injection technique to verify the vulnerability.