EIP-2026-114013

PRE-CVE

WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114013. PoCs published by MustLive.

AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in the TimThumb WordPress plugin, including XSS, file upload, path disclosure, and DoS. It provides example URLs to exploit these vulnerabilities but does not include executable code.

Description

WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by MustLive · textwebappsphp

https://www.exploit-db.com/exploits/38133

View Code ZIP pw:eip

This is a writeup detailing multiple vulnerabilities in the TimThumb WordPress plugin, including XSS, file upload, path disclosure, and DoS. It provides example URLs to exploit these vulnerabilities but does not include executable code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak | Auth Bypass | Dos | Other

Complexity

Trivial

Reliability

Reliable

Target: TimThumb WordPress plugin (versions with Rokbox integration)

No auth needed

Prerequisites: Access to the target WordPress site with TimThumb plugin installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026