EIP-2026-113982

PRE-CVE

WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113982. PoCs published by wp0Day.com.

AI-analyzed exploit summary This exploit targets a vulnerability in the Premium SEO Pack WordPress plugin (version 1.9.1.3) by overwriting wp_options to change the default user role on registration to Administrator. It requires authenticated access (customer or subscriber) and uses WordPress AJAX actions to manipulate settings.

Description

WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite

Exploits (1)

exploitdb WORKING POC

by wp0Day.com · phpwebappsphp

https://www.exploit-db.com/exploits/39978

View Code ZIP pw:eip

This exploit targets a vulnerability in the Premium SEO Pack WordPress plugin (version 1.9.1.3) by overwriting wp_options to change the default user role on registration to Administrator. It requires authenticated access (customer or subscriber) and uses WordPress AJAX actions to manipulate settings.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Premium SEO Pack WordPress Plugin 1.9.1.3

Auth required

Prerequisites: Valid WordPress credentials (customer or subscriber) · Target running Premium SEO Pack 1.9.1.3 · WordPress AJAX endpoint accessible

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026