EIP-2026-114072

PRE-CVE

WordPress Plugin Social Stream 1.5.15 - wp_options Overwrite

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114072. PoCs published by wp0Day.com.

AI-analyzed exploit summary This exploit targets a WordPress Social Stream plugin vulnerability (CVE-2026-137045) by overwriting the 'default_role' option via an authenticated AJAX request, allowing privilege escalation. It requires valid credentials and interacts with the plugin's 'dcwss_update' action to modify user roles.

Description

WordPress Plugin Social Stream 1.5.15 - wp_options Overwrite

Exploits (1)

exploitdb WORKING POC

by wp0Day.com · phpwebappsphp

https://www.exploit-db.com/exploits/39946

View Code ZIP pw:eip

This exploit targets a WordPress Social Stream plugin vulnerability (CVE-2026-137045) by overwriting the 'default_role' option via an authenticated AJAX request, allowing privilege escalation. It requires valid credentials and interacts with the plugin's 'dcwss_update' action to modify user roles.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: WordPress Social Stream Plugin v1.5.15

Auth required

Prerequisites: Valid WordPress credentials (customer/subscriber) · Access to wp-admin/admin-ajax.php

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026