EIP-2026-114087
PRE-CVE
WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-114087. PoCs published by Hassan Khan Yusufzai.
AI-analyzed exploit summary
The exploit demonstrates an authenticated SQL injection vulnerability in the WordPress Plugin stafflist 3.1.2. The vulnerable code directly interpolates user input into an SQL query without proper sanitization, allowing SQL injection via the 'search' parameter.
Description
WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
Exploits (1)
exploitdb
WORKING POC
by Hassan Khan Yusufzai · text · webapps · php
https://www.exploit-db.com/exploits/50928
Classification
Working PoC 90%
Attack Type
SQLi
Complexity
Trivial
Reliability
Reliable
Target:
WordPress Plugin stafflist 3.1.2
Auth required
Prerequisites:
Authenticated access to WordPress admin panel · WordPress Plugin stafflist 3.1.2 installed
devstral-2 · analyzed Feb 18, 2026
Details
Status
pre_cve
Tracked Since
Feb 18, 2026