EIP-2026-113985

PRE-CVE

WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113985. PoCs published by Heine Pedersen.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Pretty Link Lite for WordPress, including XSS and SQL injection. It provides direct URLs to trigger these vulnerabilities, allowing attackers to steal cookies or extract sensitive data from the database.

Description

WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Heine Pedersen · textwebappsphp

https://www.exploit-db.com/exploits/37196

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Pretty Link Lite for WordPress, including XSS and SQL injection. It provides direct URLs to trigger these vulnerabilities, allowing attackers to steal cookies or extract sensitive data from the database.

Classification

Working Poc 90%

Attack Type

Xss | Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Pretty Link Lite plugin for WordPress 1.5.2

No auth needed

Prerequisites: Access to the target WordPress site with Pretty Link Lite plugin installed

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026