EIP-2026-114033

PRE-CVE

WordPress Plugin SermonBrowser 0.43 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114033. PoCs published by Ma3sTr0-Dz.

AI-analyzed exploit summary This PHP script exploits a SQL injection vulnerability in the WordPress SermonBrowser Plugin 0.43. It retrieves sensitive database information such as user credentials, database version, and user login details by injecting crafted SQL queries.

Description

WordPress Plugin SermonBrowser 0.43 - SQL Injection

Exploits (1)

exploitdb WORKING POC

by Ma3sTr0-Dz · phpwebappsphp

https://www.exploit-db.com/exploits/17214

View Code ZIP pw:eip

This PHP script exploits a SQL injection vulnerability in the WordPress SermonBrowser Plugin 0.43. It retrieves sensitive database information such as user credentials, database version, and user login details by injecting crafted SQL queries.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WordPress SermonBrowser Plugin 0.43

No auth needed

Prerequisites: Target must be running WordPress with SermonBrowser Plugin 0.43 · Plugin must be accessible via the web

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026