EIP-2026-114079

PRE-CVE

WordPress Plugin Spellchecker 3.1 - '/general.php' Local/Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114079. PoCs published by Dr Trojan.

AI-analyzed exploit summary The provided text describes a local and remote file inclusion vulnerability in the Spellchecker plugin for WordPress. It includes example URIs demonstrating how an attacker could exploit the vulnerability to execute arbitrary scripts or access sensitive files.

Description

WordPress Plugin Spellchecker 3.1 - '/general.php' Local/Remote File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED

by Dr Trojan · textwebappsphp

https://www.exploit-db.com/exploits/35607

View Code ZIP pw:eip

The provided text describes a local and remote file inclusion vulnerability in the Spellchecker plugin for WordPress. It includes example URIs demonstrating how an attacker could exploit the vulnerability to execute arbitrary scripts or access sensitive files.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Spellchecker plugin for WordPress 3.1

No auth needed

Prerequisites: Access to the target WordPress instance with the vulnerable plugin installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026