EIP-2026-114043

PRE-CVE

WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php? reqID' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114043. PoCs published by Sammy FORGIT.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in the WordPress Shopping Cart plugin by injecting a malicious payload into the 'reqID' parameter of the 'exportsubscribers.php' script. This allows an attacker to manipulate SQL queries and potentially access or modify data in the underlying database.

Description

WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php? reqID' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sammy FORGIT · textwebappsphp
https://www.exploit-db.com/exploits/38158

The exploit demonstrates a SQL injection vulnerability in the WordPress Shopping Cart plugin by injecting a malicious payload into the 'reqID' parameter of the 'exportsubscribers.php' script. This allows an attacker to manipulate SQL queries and potentially access or modify data in the underlying database.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: WordPress Shopping Cart plugin 8.1.14
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026