EIP-2026-114010

PRE-CVE

WordPress Plugin Rich Widget - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114010. PoCs published by Crim3R.

AI-analyzed exploit summary This is a vulnerability writeup describing an arbitrary file-upload vulnerability in the Rich WidgetPlugin for WordPress. It allows an attacker to upload and execute arbitrary PHP code in the context of the web server process.

Description

WordPress Plugin Rich Widget - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by Crim3R · textwebappsphp

https://www.exploit-db.com/exploits/37653

View Code ZIP pw:eip

This is a vulnerability writeup describing an arbitrary file-upload vulnerability in the Rich WidgetPlugin for WordPress. It allows an attacker to upload and execute arbitrary PHP code in the context of the web server process.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Rich WidgetPlugin for WordPress (version not specified)

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026