EIP-2026-114016

PRE-CVE

WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114016. PoCs published by MustLive.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in the RokNewsPager WordPress plugin, including XSS, arbitrary file upload, DoS, and information disclosure. It includes example URLs demonstrating exploitation vectors but lacks actual exploit code.

Description

WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by MustLive · textwebappsphp

https://www.exploit-db.com/exploits/38756

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in the RokNewsPager WordPress plugin, including XSS, arbitrary file upload, DoS, and information disclosure. It includes example URLs demonstrating exploitation vectors but lacks actual exploit code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak | Dos | Other

Complexity

Trivial

Reliability

Theoretical

Target: RokNewsPager WordPress plugin (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026