EIP-2026-113981

PRE-CVE

WordPress Plugin Premium Gallery Manager - Configuration Access

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113981. PoCs published by Hannaichi.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated configuration access vulnerability in the WordPress Premium Gallery Manager plugin. It allows an attacker to modify WordPress settings, such as the admin email and default user role, by sending crafted POST requests to the vulnerable AJAX endpoint.

Description

WordPress Plugin Premium Gallery Manager - Configuration Access

Exploits (1)

exploitdb WORKING POC
by Hannaichi · textwebappsphp
https://www.exploit-db.com/exploits/34538

This exploit demonstrates an unauthenticated configuration access vulnerability in the WordPress Premium Gallery Manager plugin. It allows an attacker to modify WordPress settings, such as the admin email and default user role, by sending crafted POST requests to the vulnerable AJAX endpoint.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WordPress Premium Gallery Manager plugin
No auth needed
Prerequisites: Target must have the vulnerable plugin installed and accessible
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026