EIP-2026-114080
PRE-CVEWordPress Plugin Spicy Blogroll - Local File Inclusion
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114080. PoCs published by Ahlspiess.
AI-analyzed exploit summary This PHP script exploits a file inclusion vulnerability in the WordPress Spicy Blogroll plugin by crafting a malicious request to include arbitrary files via the `var2` and `var4` parameters. The `scramble` function is used to obfuscate the payload, which is then sent to the vulnerable endpoint.
Description
WordPress Plugin Spicy Blogroll - Local File Inclusion
Exploits (1)
This PHP script exploits a file inclusion vulnerability in the WordPress Spicy Blogroll plugin by crafting a malicious request to include arbitrary files via the `var2` and `var4` parameters. The `scramble` function is used to obfuscate the payload, which is then sent to the vulnerable endpoint.