EIP-2026-114106
PRE-CVEWordPress Plugin TablePress 1.14 - CSV Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114106. PoCs published by Nikhil Kapoor.
AI-analyzed exploit summary This is a technical writeup detailing a CSV injection vulnerability in WordPress Plugin TablePress 1.14. It provides step-by-step reproduction instructions and a payload example, demonstrating how an attacker can inject malicious formulas into exported CSV files.
Description
WordPress Plugin TablePress 1.14 - CSV Injection
Exploits (1)
exploitdb
WRITEUP
by Nikhil Kapoor · textwebappsphp
https://www.exploit-db.com/exploits/50270
This is a technical writeup detailing a CSV injection vulnerability in WordPress Plugin TablePress 1.14. It provides step-by-step reproduction instructions and a payload example, demonstrating how an attacker can inject malicious formulas into exported CSV files.
Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
WordPress Plugin TablePress 1.14
Auth required
Prerequisites:
WordPress 5.8.0 installed · TablePress plugin 1.14 installed and activated · Authenticated access to WordPress admin panel
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026