EIP-2026-114070

PRE-CVE

WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114070. PoCs published by waraxe.

AI-analyzed exploit summary: The document describes multiple vulnerabilities in the WordPress Social Discussions Plugin version 6.1.1, including a Remote File Inclusion (RFI) vulnerability due to uninitialized variables and Full Path Disclosure (FPD) via direct script access. The RFI requires specific PHP configurations, while the FPD relies on error messages.

Description

WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP
by waraxe · text · webapps · php
https://www.exploit-db.com/exploits/22158

Classification: Writeup 100%
Attack Type: RCE | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: WordPress Social Discussions Plugin 6.1.1
No auth needed
Prerequisites: register_globals=on · register_long_arrays=off · allow_url_include=on for RFI · PHP < 5.3.4 for LFI null-byte attacks · magic_quotes_gpc=off for LFI null-byte attacks · display_errors=on for FPD
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026