EIP-2026-114096
PRE-CVEWordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114096. PoCs published by Erik David Martin.
AI-analyzed exploit summary This exploit demonstrates SQL injection and stored XSS vulnerabilities in WordPress Plugin Supsystic Contact Form 1.7.5. The SQLi is exploitable via the 'sidx' GET parameter, while the XSS is triggered through the 'Edit name' and 'Contact information' features.
Description
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
by Erik David Martin · textwebappsphp
https://www.exploit-db.com/exploits/49544
This exploit demonstrates SQL injection and stored XSS vulnerabilities in WordPress Plugin Supsystic Contact Form 1.7.5. The SQLi is exploitable via the 'sidx' GET parameter, while the XSS is triggered through the 'Edit name' and 'Contact information' features.
Classification
Working Poc 95%
Attack Type
Sqli | Xss
Complexity
Moderate
Reliability
Reliable
Target:
WordPress Plugin Supsystic Contact Form 1.7.5
Auth required
Prerequisites:
Access to WordPress admin panel · SQLmap for SQLi exploitation
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026