EIP-2026-114032

PRE-CVE

WordPress Plugin Sermon Browser 0.43 - Cross-Site Scripting / SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114032. PoCs published by Ma3sTr0-Dz.

AI-analyzed exploit summary This PHP script exploits SQL injection and XSS vulnerabilities in the WordPress Sermon Browser plugin (version 0.43). It automates the extraction of database information such as user credentials, database version, and user login details via a union-based SQL injection attack.

Description

WordPress Plugin Sermon Browser 0.43 - Cross-Site Scripting / SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ma3sTr0-Dz · phpwebappsphp
https://www.exploit-db.com/exploits/35657

This PHP script exploits SQL injection and XSS vulnerabilities in the WordPress Sermon Browser plugin (version 0.43). It automates the extraction of database information such as user credentials, database version, and user login details via a union-based SQL injection attack.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: WordPress Sermon Browser Plugin 0.43
No auth needed
Prerequisites: Target must have the vulnerable Sermon Browser plugin installed · PHP environment to run the exploit script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026