EIP-2026-114017

PRE-CVE

WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114017. PoCs published by MustLive.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in the RokStories WordPress plugin, including arbitrary file upload, XSS, information disclosure, and DoS. It includes example URLs demonstrating exploitation vectors but lacks functional exploit code.

Description

WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by MustLive · textwebappsphp

https://www.exploit-db.com/exploits/38757

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in the RokStories WordPress plugin, including arbitrary file upload, XSS, information disclosure, and DoS. It includes example URLs demonstrating exploitation vectors but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak | Dos | Other

Complexity

Trivial

Reliability

Theoretical

Target: RokStories WordPress plugin 1.25

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026